RESULTS FROM 1 TO 20 OF 164

2023, Journal article, ENG

Segment Routing v6 - Security Issues and Experimental Results

David Lo Bascio and Flavio Lombardi

SRv6 can provide hybrid cooperation between a centralized network controller and network nodes. IPv6 routers maintain multi-hop ECMP-aware segments, whereas the controller establishes a source-routed path through the network. Since the state of the flow is defined at the ingress to the network and then is contained in a specific packet header, called Segment Routing Header (SRH), the importance of such a header itself is vital. Motivated by the need to study and investigate this technology, this paper discusses some security-related issues of Segment Routing. A SRv6 capable experimental testbed is built and detailed. Finally, an experimental test campaign is performed and results are evaluated and discussed.

International journal of ubiquitous systems and pervasive networks 18 (1), pp. 15–21

DOI: 10.5383/juspn.18.01.003

2023, Journal article, ENG

A systematic mapping study on security for systems of systems

Olivero M.A.; Bertolino A.; Dominguez-Mayo F.J.; Escalona M.J.; Matteucci I.

In the late twentieth century, the term "System of Systems" (SoS) became popular to describe a complex system made up of a combination of independent constituent systems. Since then, several studies have been conducted to support and assess SoS management, functionality, and performance. Due to the evolutionary nature of SoS and the non-composability of the security properties of its constituent systems, it is difficult to assess or evaluate SoS security. This paper provides an up-to-date survey on SoS security, aimed at stimulating and guiding further research efforts. This systematic mapping study (SMS) focuses on SoS security, privacy, and trust. Our SMS identified 1828 studies from 6 digital libraries, 87 of which were selected that presented approaches analyzing, evaluating, or improving security. We classified these studies using nine research questions that focused on the nature of the studies, the studied SoS, or the study validation. After examining the selected studies, we identified six gaps and as many future work directions. More precisely, we observed that few studies examine SoS problems and instead propose specific solutions, making it challenging to develop generalizable approaches. Furthermore, the lack of standardization has hindered the reuse of existing approaches, making it difficult for solutions to be generalized to other SoS. In addition, the lack of descriptions of industrial environments in the literature makes it difficult to design realistic validation environments. As a result, the validation of new SoS research remains a challenge in the field.

International journal of information security (Internet)

DOI: 10.1007/s10207-023-00757-0

2023, Conference proceedings contribution, ENG

A novel smart camera network for real time public transport monitoring and surveillance

Carboni A.; Leone G.R.; Nardi S.; Corrado A.; Moroni D.

In this paper, we present the environment perception layer of the Smart Passenger Center (SPaCe), a novel integrated framework for public transport management. This layer is a pervasive vision architecture for improved safety and security in the context of public transportation. Privacy and technological constraints are still significant limitations for the real-time analysis of video streams from video capture devices installed on public transport vehicles. In fact, in almost all cases, this analysis is carried out offline and lacks any predictive processing, which is now potentially applicable to all transport sectors, thanks to machine learning and artificial vision techniques. The architecture described is designed to combine the output of a set of parallel processing, all running onboard in real-time, thus allowing the separation of the information collected from actual passengers' identities. The analysis highlights aspects that affect travel and travellers safety, such as people's behaviour and the state of maintenance of vehicles.

ITSC 2023 - 26th IEEE International Conference on Intelligent Transportation Systems, Bilbao, Spain, 24-28/09/2023

2023, Journal article, ENG

A Novel Homomorphic Encryption and Consortium Blockchain-based Hybrid Deep Learning Model for Industrial Internet of Medical Things

Ali, Aitizaz and Pasha, Muhammad Fermi and Guerrieri, Antonio and Guzzo, Antonella and Sun, Xiaobing and Saeed, Aamir and Hussain, Amir and Fortino, Giancarlo

Securing Electronic Medical Records (EMRs) is one of the most critical applications of cryptography over the Internet due to the value and importance of data contained in such EMRs. Although blockchain-based healthcare systems can provide security, privacy, and immutability to EMRs, several outstanding security and latency issues are associated with existing schemes. For example, some researchers have used the blockchain as a storage tool which increases delay and adversely affects the blockchain performance since it stores a copy of each transaction. A distributed ledger also requires appropriate space and computational power with increased data size. In addition, existing healthcare-based approaches usually rely on centralized servers connected to clouds, which are vulnerable to denial of service (DoS), distributed DoS (DDoS), and collusion attacks. This paper proposes a novel hybrid-deep learning-based homomorphic encryption (HE) model for the Industrial Internet of Medical Things (IIoMT) to cope with such challenges using a consortium blockchain. Integrating HE with the proposed IIoMT system is a vital contribution of this work. The use of HE while outsourcing the storage to the cloud provides a unique facility to perform any statistical and machine learning operation on the encrypted EMR data, hence providing resistance to collusion and phishing attacks. Our proposed model uses a pre-trained hybrid deep learning model in the cloud and deploys the trained model into blockchain-based edge devices in order to classify and train local models using EMRs. This is further conditioned on the private data of each edge and IoT device connected with the consortium blockchain. All local models obtained are aggregated to the cloud to update a global model, which is finally disseminated to the edge nodes. Our proposed approach provides more privacy and security than conventional models and can deliver high efficiency and low end-to-end latency for users. Comparative simulation analysis with state-of-the-art approaches is carried out using benchmark performance metrics, which show that our proposed model provides enhanced security, efficiency, and transparency.

IEEE transactions on network science and engineering (Online)

DOI: 10.1109/TNSE.2023.3285070

2023, Journal article, ENG

LENTO: Unpredictable Latency-based continuous authEntication for Network inTensive IoT envirOnments

Mohammed Al-Sadi, Roberto Di Pietro, Flavio Lombardi, Matteo Signorini

Started as a hyped technology a few years ago, IoT is now a reality providing sensing and computing capabilities from SCADA systems to households. At their core, IoT devices connect to the outside world to share sensed or computed data. However, the sensitivity and privacy of shared data has made access management a stringent need also for the IoT. In particular, continuous authentication could solve a few security issues, like session hijacking, by checking device legitimacy for each exchanged message and preventing attackers from pretending their actions came from authenticated devices. To date, device-to-device (D2D) continuous authentication still relies on tokens/certificates or devices' fingerprints such as battery levels or location. The cited solutions, while not always implementable on resource-constrained devices, provide low entropy and thus carry a non-negligible probability of being guessable during impersonation attacks. In this paper, we overcome the above limitations with LENTO: unpredictable Latency-based continuous authEntication for Network inTensive IoT envirOnments. In addition to a thorough analysis, we also offer experimental validation of our proposal. We have deployed LENTO as an additional authentication module of the well-known NextCloud platform, and we have performed an extensive experimental campaign. Collected results confirm our working hypothesis: network delays can be exploited as random seeds in continuous authentication protocols as they provide as much entropy as standard approaches. To the best of our knowledge, our approach is the first continuous authentication protocol relying purely on the network characteristics, regardless of the trustworthiness of the underlying computing base. Given the minimal overhead introduced by our solution, it provides continuous authentication even for those devices that cannot afford to run (de facto) standard protocols. As such, LENTO could be retrofitted, offering enhanced security to a plethora of currently unsecured devices.

Future generation computer systems 139, pp. 151–166

DOI: 10.1016/j.future.2022.09.023

2022, Technical report, ITA

A model for the designation of the system administrator, prepared for the Consiglio Nazionale delle Ricerche in application of Regulation (EU) 2016/679 on the protection of personal data

Amenta V.; Deluca R.; Fullone A.; Glielmi A.; Ippoliti M.; Micolitti O.; Niccoli D.

Preparation of an illustrative model for the designation of the system administrator role, adaptable to the actual specificities of the CNR structures.

2022, Conference proceedings contribution, ENG

On SRv6 Security

Lo Bascio, David and Lombardi, Flavio

SRv6 is a routing architecture that can provide hybrid cooperation between a centralized network controller and network nodes: IPv6 routers maintain the multi-hop ECMP-aware segments, whereas the controller, responsible for the Traffic Engineering policy, combines them to form a source-routed path through the network. Since the state of the flow is defined at the ingress to the network and then is contained in a specific packet header, called Segment Routing Header (SRH), the importance of such a header itself is vital. Motivated by the increasing success and widespread deployment of such approaches and technologies, this paper introduces the context and discusses some of the issues tied to possible tampering with the Segment Routing Header content. Finally, some details of an experimental testbed aimed at evaluating the above issues are provided.

The 13th International Conference on Ambient Systems, Networks and Technologies (ANT), Porto, Portugal, 22/03/2022-25/03/2022. Procedia computer science 201, pp. 406–412

DOI: 10.1016/j.procs.2022.03.054

2022, Journal article, ENG

A Delphi study to recognize and assess systems of systems vulnerabilities

Olivero M. A.; Bertolino A.; Dominguez-Mayo F. J.; Matteucci I.; Escalona M. J.

Context: System of Systems (SoS) is an emerging paradigm by which independent systems collaborate by sharing resources and processes to achieve objectives that they could not achieve on their own. In this context, a number of emergent behaviors may arise that can undermine the security of the constituent systems. Objective: We apply the Delphi method with the aims to improve our understanding of SoS security and related problems, and to investigate their possible causes and remedies. Method: Experts on SoS expressed their opinions and reached consensus in a series of rounds by following a structured questionnaire. Results: The results show that the experts found more consensus in disagreement than in agreement about some SoS characteristics, and on how SoS vulnerabilities could be identified and prevented. Conclusions: From this study we learn that more work is needed to reach a shared understanding of SoS vulnerabilities, and we leverage expert feedback to outline some future research directions.

Information and software technology 146

DOI: 10.1016/j.infsof.2022.106874

2022, Technical report, ITA

GDPR: a brief overview for informed application. The report is accompanied by forms and templates.

Amenta V.; Deluca R.

The document contains an interpretative description of the main provisions of Regulation (EU) 2016/679, intended to support staff in personal data processing activities. The document is accompanied by forms and templates.

2021, Presentation, ENG

Evaluation of security policies: common challenges

Elena RAGAZZI, Lisa SELLA, Alessia DE SANTO, Thu Nga LE

Safety and security policies address a long list of risks including (but not limited to):
- Occupational safety and health
- Transport safety
- Natural risks (including seismic risk)
- Cybersecurity
- Physical security (including defence against terrorist attacks)
The listed topics appear to be very far from each other; nevertheless they share some common features and issues:
- The issue of security and safety as a public good;
- This market failure imposes acting with regulation, public investment and/or incentives (sticks and carrots);
- The role of individual awareness, underlying the role of training and communication (sermons);
- The necessity to work on both sides of protection and resilience;
- The issue of multilevel (institutional level and regional level) governance, since risks may only be addressed properly in a systemic way but the implementation of policies/regulation needs to be adapted to specific conditions.
Safety and security policies are very specialised topics in which the number of scholars is limited. In fact, the different nature of the risks and of the technologies aiming at their reduction imposes a deep and differentiated knowledge of the specific context. Nevertheless, methodological cross-sectoral insights are frequent, not only for the above economic aspects, but because they share some challenges, such as:
- The problem of performance metrics 1. Security is a multifaceted phenomenon. It is difficult to identify a single variable to represent it, while composite indicators are difficult to measure and have the problem of weighting;
- The problem of performance metrics 2. The difficulty of identifying indicators that address outcomes of the policy and that are sensitive;
- The fact that the outcome of any policy is connected to risk, which is a probabilistic variable (a reduction in the probability of suffering the consequences of an aleatory event, such as an accident or a cyberattack);
- The difficulty of disentangling the causal link between the policy/regulation and the desired outcome;
- Since most policies are in the form of overall regulation, the lack of a proper counterfactual hampers the possibility of impact evaluation.
In our presentation we will discuss the issues above in depth, as an introduction and a guide for the speakers of the session.

The challenges of territories in the post-COVID era. AISRe web conference, online, 8-10/09/2021

2021, Journal article, ENG

Android collusion detection by means of audio signal analysis with machine learning techniques

Casolare, Rosangela; Di Giacomo, Umberto; Martinelli, Fabio; Mercaldo, Francesco; Santone, Antonella

Smartphones, tablets and other mobile devices have become objects that we can no longer do without; as a matter of fact, for us they are like an extension of our body and many people are addicted to them. This behavior is a consequence of the use we make of them, since these devices allow us to manage sensitive data (e.g., financial data) and access information of different types (e.g., photos, messages or health data). For this reason it is essential to detect the harmful behaviors present within our smartphones, taking into account the weaknesses of the current anti-malware mechanisms. In this article we propose an approach capable of discriminating trusted applications from those that instead have malicious behavior because they are involved in a colluding attack. We resort to the processing of the audio signal obtained by converting an application into an audio file. The processing generates a feature vector to be analyzed with different classifiers. The experimental analysis is performed on a set of Android applications consisting of 359 trusted and (colluding) untrusted applications, showing the effectiveness of our method in detecting colluding applications.

Procedia (Online) 192, pp. 2340–2346

DOI: 10.1016/j.procs.2021.08.224

2021, Technical report, ITA

The processing of personal data by persons authorized to process it within the Consiglio Nazionale delle Ricerche: processing instructions in application of Regulation (EU) 2016/679 on the protection of personal data, tailored for the Unità Affari Legali e Albo Avvocati (Legal Affairs and Bar Registry Unit).

Deluca R.; Amenta V.; Ippoliti M.; Fullone A.; Glielmi A.; Niccoli, D.

Preparation of an illustrative model containing some possible technical and organizational measures, intended to address the many requests from the Institution's structures for basic tooling that is at the same time adaptable to their actual specificities, so as to make it available to the structures of the C.N.R. (central administration and scientific network).

2021, Conference proceedings contribution, ENG

Internet of things and privacy

V. Amenta (1); M. C. Buzzi (1); M. Buzzi (1); A. Montemurro (2)

Today the Internet of Things (IoT) empowers our lives, simplifying interaction and services in many fields including smart homes and cities, telemedicine and healthcare, transportation, security and social life. In many IoT applications, personal data are automatically collected and stored in cloud systems, processed and used for purposes such as creating user profiles, monitoring health, personalized advertising and more. The main cost of this process involves data that are collected by providers and organizations. This paper discusses important privacy and security issues raised by the main IoT devices, specifically considering the obligations imposed by the General Data Protection Regulation (GDPR) on the organizations collecting data relating to people in the European Union.

IADIS International Conference e-Society (ES 2021), online/virtual, 03-05/03/2021

2021, Project report, ENG

ACCORDION D4.1 - Edge/Cloud continuum management framework report (I)

Taleb T.; Violos J.; Tsanakas S.; Pagoulatou T.; Theodoropoulos T.; Coppola M.; Dazzi P.; Ferrucci L.; Diego F.; Marin E.; Kourtelis N.

This deliverable provides the first report summarizing the scientific advancements achieved by the WP4 Tasks during the first year of the project. Work Package (WP) 4, dubbed Edge/Cloud continuum management framework, is organized around 6 Tasks whose goal is to develop a framework that efficiently manages the deployment and runtime of ACCORDION applications on the continuum.

2021, Journal article, ENG

Towards an interpretable deep learning model for mobile malware detection and family identification

Iadarola G. (1); Martinelli F. (1); Mercaldo F. (1); Santone A. (2)

Mobile devices are pervading the everyday activities of our life. Each day we store a plethora of sensitive and private information in smart devices such as smartphones or tablets, which are typically equipped with an always-on internet connection. This information is of interest to malware writers, who are developing more and more aggressive harmful code for stealing sensitive and private information from mobile devices. Considering the weaknesses exhibited by current signature-based antimalware detection, in this paper we propose a method relying on an application representation in terms of images, used as input to an explainable deep learning model designed by the authors for Android malware detection and family identification. Moreover, we show how the explainability can be used by the analyst to assess different models. Experimental results demonstrate the effectiveness of the proposed method, obtaining an average accuracy ranging from 0.96 to 0.97; we evaluated 8446 Android samples belonging to six different malware families and one more family for trusted samples, also providing interpretability about the predictions performed by the model.

Computers & security 105

DOI: 10.1016/j.cose.2021.102198

2021, Journal article, ENG

Exploiting If This Then That and Usage Control obligations for Smart Home security and management

Giorgi G. (1); La Marra A. (2); Martinelli F. (1); Mori P. (1); Rizos A. (3); Saracino A. (1)

In this article we present an application of the Usage Control paradigm to a Smart Home infrastructure, based on a model extension and structured use of obligations. In the proposed extended model, obligations are exploited to enforce two different access revocation times, namely revoke and suspend. This increases the policy expressiveness and enables optimizing the resource usage. Furthermore, obligations are exploited to send commands via IFTTT to different interconnected Smart Home devices, to impose safety-relevant behaviors, or to act on policy attributes to implement a self-healing paradigm for revoked sessions. The article is motivated by a parental control use case where deep learning is used in combination with Usage Control to dynamically regulate viewing rights of a smart TV and interactions with interconnected devices. Accuracy and performance experiments show the effectiveness and feasibility of the proposed work.

Concurrency and computation (Online)

DOI: 10.1002/cpe.6189

2021, Journal article, ENG

Hypothesis testing in presence of adversaries

J. González-Ortega, D. Ríos Insua, F. Ruggeri, and R. Soyer

We present an extension to the classical problem of hypothesis testing by incorporating actions of an adversary who intends to mislead the decision-maker and attain a certain benefit. After presenting the general problem within an adversarial statistical decision theory framework, we consider the cases of adversaries who can either perturb the data received or modify the underlying data-generating process parametrically. Supplemental materials for this article are available online.

The American statistician 75 (1), pp. 31–40

DOI: 10.1080/00031305.2019.1630001

2020, Technical report, ITA

Regulations on the use of IT systems, the telematic network and security, Istituto di Scienza e Tecnologie dell'informazione "A. Faedo" - November 2020 version

Amendola T.; Deluca R.; Diciotti R.; Fantini E.; Piccioli T., Volpini F.

Internal regulation aimed at preventing unwitting behaviour from triggering problems or threats to security in the processing of personal data.

2020, Other product, ENG

The Water-Energy Security Nexus in the Middle East

Giulia Giordano, Desiree A.L. Quagliarotti

The interlinkages between water, energy and food are especially evident in the Middle East, perhaps more than in other regions in the world. Generally, the region is notable for being energy intensive, water scarce, food deficient, and one of the most vulnerable to the impact of climate change (Lange, 2019). Despite those common characteristics, each country shows specific climatic, ecological and socioeconomic features, which influence the complex interactions of the WEF nexus and affect states' ability to meet their water, food and energy needs. As several nexus studies conducted in the Middle East point out, the need to meet the rapidly growing demand for water, energy and food in an increasingly resource-constrained scenario (FAO, 2018; Borgomeo et al., 2018), associated with WEF conventional policy and decision making in "silos", has fuelled a vicious circle that has ended up favouring trade-offs rather than amplifying synergies between sectors (Shannak, Mabrey & Vittorio, 2018). Furthermore, environment and security are strictly interlinked in the region implying the need to add the security dimension to the nexus. This chapter has three main objectives. First, to analyse the water-energy (WE) nexus challenges and associated risks in the Middle East. Second, to describe what it actually means to render water and energy in terms of security exploring the water-energy-security (WES) nexus and the linkages between nexus and securitisation. Third, to highlight the opportunities in terms of water and energy security arising from turning the nexus into a virtuous circle. Results from case studies are also discussed.

2020, Technical report, ITA

Analysis of the state of the art and identification of criteria for measuring the performance required of the security manager

Miori V.; Russo D.; Pillitteri L.

This document analyses the state of the art of the criteria existing in the literature for measuring the performance of a security and emergency management system. In detail, the document is structured in three main sections covering diagnosis, prognosis and fault tolerance. In each section the main basic concepts are first recalled, and then the main performance measurement criteria potentially applicable to the security manager are described.
