62 results on '"Conti, Mauro"'
Search Results
2. User-Defined Privacy-Preserving Traffic Monitoring Against n-by-1 Jamming Attack.
- Author
Li, Meng, Zhu, Liehuang, Zhang, Zijian, Lal, Chhagan, Conti, Mauro, and Alazab, Mamoun
- Subjects
TRAFFIC monitoring, QUALITY of service, INFORMATION retrieval
- Abstract
Traffic monitoring services collect traffic reports and respond to users’ traffic queries. However, the reports and queries may reveal the user’s identity and location. Although different anonymization techniques have been applied to protect user privacy, a new security threat arises, namely, n-by-1 jamming attack, in which an anonymous contributing driver impersonates $n$ drivers and uploads $n$ normal reports by using $n$ reporting devices. Such an attack will mislead the traffic monitoring service provider and further degrade the service quality. Existing traffic monitoring services do not support customized queries, and private information retrieval techniques cannot be applied directly in traffic monitoring. We formally define the new attack and propose a traffic monitoring scheme TraJ to defend the attack and achieve user-defined location privacy. Specifically, we bridge anonymous contributing drivers without disclosing their speed set by using private set intersection. Each RSU collects time traffic reports and structures a weighted proximity graph to filter out malicious colluding drivers. We design a user-defined privacy-preserving query method by encoding complex road network. We leverage the uploading phase from private aggregation to collect traffic conditions and allow requesting drivers to dynamically and privately query traffic conditions. We provide a formal analysis of TraJ to prove its privacy and security properties. We also construct a prototype based on a real-world dataset and Android smartphones to demonstrate its feasibility and efficiency. A formal analysis demonstrates the privacy and security properties. Extensive experiments illustrate the performance and defense efficacy. [ABSTRACT FROM AUTHOR]
- Published
- 2022
3. Demystifying the Transferability of Adversarial Attacks in Computer Networks.
- Author
Nowroozi, Ehsan, Mekdad, Yassine, Berenjestanaki, Mohammad Hajian, Conti, Mauro, and Fergougui, Abdeslam El
- Abstract
Convolutional Neural Networks (CNNs) models are one of the most frequently used deep learning networks, and extensively used in both academia and industry. Recent studies demonstrated that adversarial attacks against such models can maintain their effectiveness even when used on models other than the one targeted by the attacker. This major property is known as transferability, and makes CNNs ill-suited for security applications. In this paper, we provide the first comprehensive study which assesses the robustness of CNN-based models for computer networks against adversarial transferability. Furthermore, we investigate whether the transferability property issue holds in computer networks applications. In our experiments, we first consider five different attacks: the Iterative Fast Gradient Method (I-FGSM), the Jacobian-based Saliency Map (JSMA), the Limited-memory Broyden Fletcher Goldfarb Shanno BFGS (L-BFGS), the Projected Gradient Descent (PGD), and the DeepFool attack. Then, we perform these attacks against three well-known datasets: the Network-based Detection of IoT (N-BaIoT) dataset, the Domain Generating Algorithms (DGA) dataset, and the RIPE Atlas dataset. Our experimental results show clearly that the transferability happens in specific use cases for the I-FGSM, the JSMA, and the LBFGS attack. In such scenarios, the attack success rate on the target network range from 63.00% to 100%. Finally, we suggest two shielding strategies to hinder the attack transferability, by considering the Most Powerful Attacks (MPAs), and the mismatch LSTM architecture. [ABSTRACT FROM AUTHOR]
- Published
- 2022
4. Virtual Influencers in Online Social Media.
- Author
Conti, Mauro, Gathani, Jenil, and Tricomi, Pier Paolo
- Subjects
*INFLUENCER marketing, *SOCIAL media, *MARKETING, *MATHEMATICAL ability
- Abstract
Influencers are people on social media that distinguish themselves by the high number of followers and the ability to influence other users. While influencers are a long-standing phenomenon in social media, virtual influencers have made their appearance on such platforms only recently: they are CGI characters that act like and resemble humans, even if they do not physically exist in the real world. This recent phenomenon has sparked interest in society, and several questions arise regarding their evolution, opinions, ethics, purpose in marketing, and future perspective. In this article, we conduct an exhaustive review of the virtual influencer phenomenon. Through an extensive study of the literature, press articles, social platforms data, blogs, and interviews, we give a comprehensive reflection on virtual influencers. Starting from their evolution, we analyze their opportunities and threats. We provide detailed information about the most popular ones and their marketing collaborations, with a comparative analysis of virtual and real (human) influencers. Moreover, we conducted an online survey to grasp people's perspectives. From the 360 participants' answers, we draw conclusions about virtual influencers' ethics, importance, overall feelings, and future. Results show controversial opinions on this recent phenomenon. [ABSTRACT FROM AUTHOR]
- Published
- 2022
5. DHACS: Smart Contract-Based Decentralized Hybrid Access Control for Industrial Internet-of-Things.
- Author
Saha, Rahul, Kumar, Gulshan, Conti, Mauro, Devgun, Tannishtha, Kim, Tai-hoon, Alazab, Mamoun, and Thomas, Reji
- Abstract
The integration between blockchains, Internet-of-Thing (IoT), and smart contracts is an emerging and promising technology. The advantages of this technology have raised the importance of Industrial Internet-of-Thing (IIoT) and have paved the pathway for “Industry 4.0.” Surprisingly, access control has received less attention in IIoTs. Though there are some solutions coming forward to use blockchains for IIoT to enable secure and resilient access control management, the challenge is to satisfy the low-latency requirements of IIoTs for validating and adding the blocks to the chain. Besides, role-based and rule-based access controls in the existing systems can be forged without organizational access controls and compliance. Therefore, we address these problems in this article. In the present work, we propose DHACS, a Decentralized Hybrid Access Control for Smart contract, for IIoTs. DHACS aims to provide transparency, reliability, and robustness to the existing access control mechanism in IIoTs. The framework is based on blockchain feasibilities that contribute to an interconnected hybrid access control through smart contract provision. It is a novel idea in the domain of IIoTs. We use three access control strategies, role-based, rule-based, and organization-based, to develop a hybrid approach for smart contract in DHACS. The operational transactions along with their access controls are accounted and blocks are made by the transaction pooler and block creator. We use a private blockchain environment; however, it can be extended to a public blockchain or consortium blockchain for geographical distributed dependency. We compare DHACS with three existing approaches in recent time. We measure the performance in terms of computational costs, storage complexity, and energy consumption. DHACS outperforms the other approaches and is considered to be efficient for IIoT applications with more than 30% better efficiency in access control management.
To the best of our knowledge, DHACS is the first attempt to use decentralized blockchains with smart contract for hybrid access control in IIoTs. [ABSTRACT FROM AUTHOR]
- Published
- 2022
6. Effect of DIS Attack on 6TiSCH Network Formation.
- Author
Kalita, Alakesh, Brighente, Alessandro, Khatua, Manas, and Conti, Mauro
- Abstract
The 6TiSCH standard provides minimum latency and reliability in mission-critical IoT applications. To optimize resource allocation during 6TiSCH network formation, IETF released the 6TiSCH minimal configuration (6TiSCH-MC) standard. 6TiSCH-MC considered IETF’s IPv6 Routing Protocol for Low power and Lossy network (RPL) as a routing protocol for both upward and downward routing. In RPL, new joining nodes or joined nodes transmit DODAG Information Solicitation (DIS) requests to get routing information from the network. However, we observe that malicious node(s) can severely affect 6TiSCH networks by sending multiple DIS requests. In this letter, we show and experimentally evaluate on real devices the impact of the DIS attack during 6TiSCH networks formation. We show that the attacker does not need expensive resources or access to the network’s sensitive information to execute the DIS attack. Our testbed experiments show that the DIS attack significantly degrades the nodes’ joining time and energy consumption, increasing them by 34% and 16%, respectively, compared to normal functioning during 6TiSCH network formation. [ABSTRACT FROM AUTHOR]
- Published
- 2022
7. SEnD: A Social Network Friendship Enhanced Decentralized System to Circumvent Censorships.
- Author
Ding, Ding, Jeong, Kyuho, Xing, Shuning, Conti, Mauro, Figueiredo, Renato, and Liu, Fangai
- Abstract
While the Internet is open by design, it is still the case that users can be subject to censorship by governments or enterprises in accessing Web services and data. In this paper we propose SEnD, a fully-distributed censorship circumvention system built upon an overlay, where users have peer-to-peer virtual private IP tunnels to proxies within their social network. With SEnD, users in an uncensored area can act as proxy servers for their social friends in a censored area, allowing them to bypass the censorship. SEnD is able to outperform the current censorship techniques, such as IP address blocking and active probing attacks. We assessed the effectiveness of SEnD through extensive simulations based on a synthetic dataset, as well as experiments based on a prototype implementation. We built our synthetic dataset based on parameters obtained from questionnaires administered both inside and outside China (we consider China as a case study of censorship area). The results show that SEnD is feasible, efficient and scalable. For example, when the proportion of concurrent active users is less than 60, 99.9 percent of these users are able to find proxy servers. [ABSTRACT FROM AUTHOR]
- Published
- 2022
8. Online Advertising Security: Issues, Taxonomy, and Future Directions.
- Author
Pooranian, Zahra, Conti, Mauro, Haddadi, Hamed, and Tafazolli, Rahim
- Published
- 2021
9. A Survey on Industrial Control System Testbeds and Datasets for Security Research.
- Author
Conti, Mauro, Donadel, Denis, and Turrin, Federico
- Published
- 2021
10. Anonymous and Verifiable Reputation System for E-Commerce Platforms Based on Blockchain.
- Author
Li, Meng, Zhu, Liehuang, Zhang, Zijian, Lal, Chhagan, Conti, Mauro, and Alazab, Mamoun
- Abstract
E-commerce platforms incorporate reputation systems that allow customers to rate suppliers following financial transactions. Existing reputation systems cannot defend the centralized server against arbitrarily tampering with the supplier’s reputation. Furthermore, they do not offer reputation access across platforms. Rates are faced with privacy leakages because rating activities are correlated with privacy (e.g., identity and rating). Meanwhile, raters could be malicious and initiate multiple rating attacks and abnormal rating attacks. Determining how to address these issues have both research and practical value. In this paper, we propose a blockchain-based privacy-preserving reputation system for e-commerce platforms named RepChain; our system allows cross-platform reputation access and anonymous and private ratings. Using RepChain, all e-commerce platforms collaborate and share users’ reputations by co-constructing a consortium blockchain and modeling the rating process as a finite state machine. In particular, we facilitate one-show anonymous credentials constructed from two-move blind signatures to protect customers’ identities and resist multiple rating attacks, leverage zero-knowledge range proof to verify the correctness of ratings and defend against abnormal rating attacks, design a secure sum computation protocol among nodes to update reputations, and verify ratings via batch processing and consensus hashes. Finally, we demonstrate the security and privacy of RepChain via a formal analysis and evaluate its performance based on Ethereum test network. [ABSTRACT FROM AUTHOR]
- Published
- 2021
11. TEL: Low-Latency Failover Traffic Engineering in Data Plane.
- Author
Mostafaei, Habib, Shojafar, Mohammad, and Conti, Mauro
- Abstract
Modern network applications demand low-latency traffic engineering in the presence of network failure, while preserving the quality of service constraints like delay and capacity. Fast Re-Route (FRR) mechanisms are widely used for traffic re-routing purposes in failure scenarios. Control plane FRR typically computes the backup forwarding rules to detour the traffic in the data plane when the failure occurs. This mechanism could be computed in the data plane with the emergence of programmable data planes. In this paper, we propose a system (called TEL) that contains two FRR mechanisms, namely, TEL-C and TEL-D. The first one computes backup forwarding rules in the control plane, satisfying max-min fair allocation. The second mechanism provides FRR in the data plane. Both algorithms require minimal memory on programmable data planes and are well-suited with modern line rate match-action forwarding architectures (e.g., PISA). We implement both mechanisms on P4 programmable software switches (e.g., BMv2 and Tofino) and measure their performance on various topologies. The obtained results from a datacenter topology show that our FRR mechanism can improve the flow completion time up to $4.6\times$–$7.3\times$ (i.e., small flows) and $3.1\times$–$12\times$ (i.e., large flows) compared to recirculation-based mechanisms, such as F10, respectively. [ABSTRACT FROM AUTHOR]
- Published
- 2021
12. AEGIS: Detection and Mitigation of TCP SYN Flood on SDN Controller.
- Author
Ravi, Nagarathna, Shalinie, S. Mercy, Lal, Chhagan, and Conti, Mauro
- Abstract
Software-Defined Network (SDN) segregates the control plane and the data plane to bring about a programmable network. The controller at the control plane runs network modules and sets rules for forwarding the packets in the switches that reside at the data plane. Though advantageous in several ways, SDN can fail when the controller is saturated by a flood of TCP SYN packets. SYN flood can be created using malicious spoofing of IP or MAC addresses or flash crowd. The existing solutions to mitigate SYN flood against the controller do not adequately handle MAC spoofing based SYN flood, and these are unable to distinguish between flash crowd and malicious traffic. To overcome some limitations in existing solutions, we propose a novel mechanism called AEGIS, which detects and mitigates SYN flood against the controller in SDN. AEGIS runs in the controller, and it regularly checks if there is a performance lag in the controller due to an ongoing SYN flood. If a performance degradation is detected, then AEGIS takes it as an indication of SYN flood and it identifies whether it is due to spoofed addresses or flash crowd. Once the reason is found, the appropriate mitigation procedure is triggered. We evaluate AEGIS in testbed and emulator settings, and we compare the results of the evaluation with state-of-the-art solutions. The performance evaluation of AEGIS shows that it identifies the malicious SYN at an accuracy of 97.78%. Moreover, when there is no SYN flood, AEGIS takes 0.0637s to set up a successful TCP connection, which is 53.81% less than the time taken by the state-of-the-art solution, thus, it proves that AEGIS is lightweight. [ABSTRACT FROM AUTHOR]
- Published
- 2021
13. Collective Remote Attestation at the Internet of Things Scale: State-of-the-Art and Future Challenges.
- Author
Ambrosin, Moreno, Conti, Mauro, Lazzeretti, Riccardo, Rabbani, Md Masoom, and Ranise, Silvio
- Published
- 2020
14. Blockchain-Enabled Secure Energy Trading With Verifiable Fairness in Industrial Internet of Things.
- Author
Li, Meng, Hu, Donghui, Lal, Chhagan, Conti, Mauro, and Zhang, Zijian
- Abstract
Energy trading in Industrial Internet of Things (IIoT), a fundamental approach to realize Industry 4.0, plays a vital role in satisfying energy demands and optimizing system efficiency. Existing research works utilize a utility company to distribute energy to energy nodes with the help of energy brokers. Afterwards, they apply blockchain to provide transparency, immutability, and auditability of peer-to-peer (P2P) energy trading. However, their schemes are constructed on a weak security model and do not consider the cheating attack initiated by energy sellers. Such an attack refers to an energy seller refusing to transfer the negotiated energy to an energy purchaser who already paid money. In this article, we propose $\mathsf{FeneChain}$, a blockchain-based energy trading scheme to supervise and manage the energy trading process toward building a secure energy trading system and improving energy quality for Industry 4.0. Specifically, we leverage anonymous authentication to protect user privacy, and we design a timed-commitments-based mechanism to guarantee the verifiable fairness during energy trading. Moreover, we utilize fine-grained access control for energy trading services. We also build a consortium blockchain among energy brokers to verify and record energy trading transactions. Finally, we formally analyze the security and privacy of $\mathsf{FeneChain}$ and evaluate its performance (i.e., computational costs and communication overhead) by implementing a prototype via a local Ethereum test network and Raspberry Pi. [ABSTRACT FROM AUTHOR]
- Published
- 2020
15. The Road Ahead for Networking: A Survey on ICN-IP Coexistence Solutions.
- Author
Conti, Mauro, Gangwal, Ankit, Hassan, Muhammad, Lal, Chhagan, and Losiouk, Eleonora
- Published
- 2020
16. BitProb: Probabilistic Bit Signatures for Accurate Application Identification.
- Author
Hubballi, Neminath, Swarnkar, Mayank, and Conti, Mauro
- Abstract
Network traffic classification finds its applications in a variety of network management tasks such as quality of service, security monitoring, traffic engineering, etc. Deep Packet Inspection is one of the methods to identify applications. With the number of proprietary protocols on the rise and network protocols using bit level information for encoding, recently it has been shown that bit level signatures are effective for identifying applications. In this paper, we propose BitProb which generates probabilistic bit signatures for traffic classification. It uses the probability of a bit at a particular position being either 0 or 1 and generates a space efficient signature represented as a state transition machine. Subsequently, it uses the overall probability of an ${n}$ bit binary string extracted from a network flow to identify which application generated the flow. We experiment with three datasets covering twenty protocols (text, binary and proprietary) and show that BitProb classifies network flows with high accuracy and has a minimum number of misclassifications. [ABSTRACT FROM AUTHOR]
- Published
- 2020
17. SARA: Secure Asynchronous Remote Attestation for IoT Systems.
- Author
Dushku, Edlira, Rabbani, Md Masoom, Conti, Mauro, Mancini, Luigi V., and Ranise, Silvio
- Abstract
Remote attestation has emerged as a valuable security mechanism which aims to verify remotely whether or not a potentially untrusted device has been compromised. The protocols of Remote attestation are particularly important for securing Internet of Things (IoT) systems which, due to the large number of interconnected devices and limited security protections, are susceptible to a wide variety of cyber attacks. To guarantee the integrity of a software running on a single device, remote attestation is usually executed as an uninterrupted procedure: at the attestation time, a device stops the normal operation and executes the attestation of the entire device without interruption. The remote attestation protocols that aim to attest a large number of devices also follow the assumption on uninterrupted execution: when a device attests its network neighbours, each device verified in the neighborhood suspends its normal operation until the attestation protocol is completed. To avoid unnecessary suspension of the normal operation of the devices, this paper proposes a novel Secure Asynchronous Remote Attestation (SARA) protocol that releases the constraint of synchronous interaction among devices. In particular, SARA is an attestation protocol that exploits asynchronous communication capabilities among IoT devices in order to attest a distributed IoT service executed by them. SARA verifies both that each IoT device is not compromised (device trustworthiness), and that the exchanged communication data have not maliciously influenced the communicating devices (legitimate operations). By tracing the execution order of each service invocation of an asynchronous distributed service, SARA allows each service to collect accurately historical data of its interactions, and transmits asynchronously such historical data to other interacting services.
We have implemented and validated SARA through a realistic simulation on the Contiki emulator that demonstrates the functionality and efficiency of our protocol. The results confirm the suitability of SARA for low-end devices. [ABSTRACT FROM AUTHOR]
- Published
- 2020
18. PermPair : Android Malware Detection Using Permission Pairs.
- Author
Arora, Anshul, Peddoju, Sateesh K., and Conti, Mauro
- Abstract
The Android smartphones are highly prone to spreading the malware due to intrinsic feebleness that permits an application to access the internal resources when the user grants the permissions knowingly or unknowingly. Hence, the researchers have focused on identifying the conspicuous permissions that lead to malware detection. Most of these permissions, common to malware and normal applications present themselves in different patterns and contribute to attacks. Therefore, it is essential to find the significant combinations of the permissions that can be dangerous. Hence, this paper aims to identify the pairs of permissions that can be dangerous. To the best of our knowledge, none of the existing works have used the permission pairs to detect malware. In this paper, we proposed an innovative detection model, named PermPair, that constructs and compares the graphs for malware and normal samples by extracting the permission pairs from the manifest file of an application. The evaluation results indicate that the proposed scheme is successful in detecting malicious samples with an accuracy of 95.44% when compared to other similar approaches and favorite mobile anti-malware apps. Further, we also proposed an efficient edge elimination algorithm that removed 7% of the unnecessary edges from the malware graph and 41% from the normal graph. This led to minimum space utility and also 28% decrease in the detection time. [ABSTRACT FROM AUTHOR]
- Published
- 2020
19. Cryptomining Cannot Change Its Spots: Detecting Covert Cryptomining Using Magnetic Side-Channel.
- Author
Gangwal, Ankit and Conti, Mauro
- Abstract
With new cryptocurrencies being frequently introduced to the market, the demand for cryptomining - a fundamental operation associated with most of the cryptocurrencies - has initiated a new stream of earning financial gains. The cost associated with the lucrative cryptomining has driven general masses to unethically mine cryptocurrencies using “plundered” resources in the public organizations (e.g., universities) as well as in the corporate sector that follows Bring Your Own Device (BYOD) culture. Such exploitation of the resources causes financial detriment to the affected organizations, which often discover the abuse when the damage has already been done. In this paper, we present a novel approach that leverages magnetic side-channel to detect covert cryptomining. Our proposed approach works even when the examiner does not have login-access or root-privileges on the suspect device. It merely requires the physical proximity of the examiner and a magnetic sensor, which is often available on smartphones. The fundamental idea of our approach is to profile the magnetic field emission of a processor for the set of available mining algorithms. We built a complete implementation of our system using advanced machine learning techniques. In our experiments, we included all the cryptocurrencies supported by the top-10 mining pools, which collectively comprise the largest share (84% during Q3 2018) of the cryptomining market. Moreover, we tested our methodology primarily on two different laptops. By using the data recorded from the magnetometer of an ordinary smartphone, our classifier achieved an average precision of over 88% and an average F1 score of 87%. Apart from our primary goal - which is to identify covert cryptomining - we also performed four additional experiments to further evaluate our approach. We found that due to its underlying design, our system is future-ready and can readily adapt even to zero-day cryptocurrencies. [ABSTRACT FROM AUTHOR]
- Published
- 2020
20. BAS-VAS: A Novel Secure Protocol for Value Added Service Delivery to Mobile Devices.
- Author
Saxena, Neetesh, Conti, Mauro, Choo, Kim-Kwang Raymond, and Chaudhari, Narendra S.
- Abstract
Mobile operators offer a wide range of value-added services (VAS) to their subscribers (i.e., mobile users), which in turn generates around 15% of the telecommunication industry revenue. However, simultaneous VAS requests from a large number of mobile devices to a single server or a cluster in an internet-of-things (IoT) environment could result in an inefficient system, if these requests are handled one at a time as the present traditional cellular network scenario is. This will not only slow down the server’s efficiency but also adversely impacts the performance of the network. The current (insecure) practice of transmitting user identity in plaintext also results in traceability. In this paper, we introduce the first known protocol designed to efficiently handle multiple VAS requests at one time, as well as ensuring the secure delivery of the services to a large number of requesting mobile users. The proposed batch verification protocol (BAS-VAS) is capable of authenticating multiple simultaneous requests received by a large number of mobile users. We demonstrate that the protocol preserves user privacy over the network. The provider’s servers ensure the privacy of the requested service’s priority by performing sorting over encrypted integer data. The simulation results also demonstrate that the proposed protocol is lightweight and efficient in terms of communication and computation overheads, protocol execution time, and batch and re-batch verification delay. Specifically, we perform batch and re-batch verification (after detecting and removing malicious requests from the batch) for multiple requests in order to improve the overall efficiency of the system, as well as discussing time, space and cost complexity analysis, along with the security proof of our protocol using Proverif. [ABSTRACT FROM AUTHOR]
- Published
- 2020
21. Machine Learning for Web Vulnerability Detection: The Case of Cross-Site Request Forgery.
- Author
Calzavara, Stefano, Conti, Mauro, Focardi, Riccardo, Rabitti, Alvise, and Tolomei, Gabriele
- Abstract
We propose a methodology to leverage machine learning (ML) for the detection of web application vulnerabilities. We use it in the design of Mitch, the first ML solution for the black-box detection of cross-site request forgery vulnerabilities. Finally, we show the effectiveness of Mitch on real software. [ABSTRACT FROM AUTHOR]
- Published
- 2020
22. ECCAuth: A Secure Authentication Protocol for Demand Response Management in a Smart Grid System.
- Author
Kumar, Neeraj, Aujla, Gagangeet Singh, Das, Ashok Kumar, and Conti, Mauro
- Abstract
The devices in smart grids (SG) transfer data to a utility center (UC) or to the remote control centers. Using these data, the energy balance is maintained between consumers and the grid. However, this flow of data may be tampered by the intruders, which may result in energy imbalance. Thus, a robust authentication protocol, which supports dynamic SG device validation and UC addition, both in the local and global domains, is an essential requirement. For this reason, ECCAuth: a novel elliptic curve cryptography-based authentication protocol is proposed in this paper for preserving demand response in SG. This protocol allows establishment of a secret session key between an SG device and a UC after mutual authentication. Using this key, they can securely communicate for exchanging the sensitive information. The formal security analysis, informal security analysis, and formal security verification show that ECCAuth can withstand several known attacks. [ABSTRACT FROM AUTHOR]
- Published
- 2019
23. Key Management Systems for Smart Grid Advanced Metering Infrastructure: A Survey.
- Author
Ghosal, Amrita and Conti, Mauro
- Published
- 2019
24. The Dark Side(-Channel) of Mobile Devices: A Survey on Network Traffic Analysis.
- Author
Conti, Mauro, Li, Qian Qian, Maragno, Alberto, and Spolaor, Riccardo
- Published
- 2018
25. A Survey on Security and Privacy Issues of Bitcoin.
- Author
Conti, Mauro, Sandeep Kumar, E., Lal, Chhagan, and Ruj, Sushmita
- Published
- 2018
26. SAFETY: Early Detection and Mitigation of TCP SYN Flood Utilizing Entropy in SDN.
- Author
Kumar, Prashant, Tripathi, Meenakshi, Nehra, Ajay, Conti, Mauro, and Lal, Chhagan
- Abstract
Software defined networking (SDN) is an emerging network paradigm which emphasizes the separation of the control plane from the data plane. This decoupling provides several advantages such as flexibility, programmability, and centralized control. However, SDN also introduces new vulnerabilities due to the required communication between data plane and control plane. Examples of threats that leverage such vulnerabilities are the control plane saturation and switch buffer overflow attacks. These attacks can be launched by flooding the TCP SYN packets from data plane (i.e., switches) to the control plane. This paper presents SAFETY, a novel solution for the early detection and mitigation of TCP SYN flooding. SAFETY harnesses the programming and wide visibility approach of SDN with entropy method to determine the randomness of the flow data. The entropy information includes destination IP and few attributes of TCP flags. To show the feasibility and effectiveness of SAFETY, we implement it as an extension module in Floodlight controller and evaluate it under different conditional scenarios. We run a thorough evaluation of our implementation through extensive emulation via Mininet. The experimental results show that when compared to the state-of-the-art, SAFETY brings a significant improvement (13%) regarding processing delay experienced by a legitimate node. Other parameters such as CPU utilization at the controller and attack detection time are also examined and show improvement in various scenarios. [ABSTRACT FROM AUTHOR]
- Published
- 2018
27. Advertising in the IoT Era: Vision and Challenges.
- Author
-
Aksu, Hidayet, Babun, Leonardo, Conti, Mauro, Tolomei, Gabriele, and Uluagac, A. Selcuk
- Subjects
INTERNET advertising, TECHNOLOGICAL innovations, AUTONOMOUS vehicles, BUSINESS ecosystems, INTERNET security
- Abstract
The IoT extends the idea of interconnecting computers to a plethora of different devices, collectively referred to as smart devices. These are physical items, that is, "things", such as wearable devices, home appliances, and vehicles, enriched with computational and networking capabilities. Due to the huge set of devices involved, and therefore its pervasiveness, IoT is a great platform to leverage for building new applications and services or extending existing ones. In this regard, expanding online advertising into the IoT realm is an under-investigated yet promising research direction, especially considering that the traditional Internet advertising market is already worth hundreds of billions of dollars. In this article, we first propose the architecture of an IoT advertising platform inspired by the well known business ecosystem, which the traditional Internet advertising is based on. Additionally, we discuss the key challenges to implement such a platform, with a special focus on issues related to architecture, advertisement content delivery, security, and privacy of the users. [ABSTRACT FROM AUTHOR]
- Published
- 2018
28. Security and Privacy Analysis of National Science Foundation Future Internet Architectures.
- Author
-
Ambrosin, Moreno, Compagno, Alberto, Conti, Mauro, Ghali, Cesar, and Tsudik, Gene
- Subjects
INTERNET protocols, WIRELESS communications, COMPUTER architecture, COMPUTER network security
- Abstract
The Internet protocol (IP) is the lifeblood of the modern Internet. Its simplicity and universality have fueled the unprecedented and lasting global success of the current Internet. Nonetheless, some limitations of IP have been emerging in recent years. Furthermore, starting in mid-1990s, the advent of mobility, wirelessness, and the Web substantially shifted Internet usage and communication paradigms. This accentuated long-term concerns about the current Internet architecture and prompted interest in alternative designs. The U.S. National Science Foundation (NSF) has been one of the key supporters of efforts to design a set of candidate next-generation Internet architectures. As a prominent design requirement, NSF emphasized “security and privacy by design” in order to avoid the long and unhappy history of incremental patching and retrofitting that characterizes the current Internet architecture. To this end, as a result of a competitive process, four prominent research projects were funded by the NSF in 2010: nebula, named-data networking, MobilityFirst, and expressive Internet architecture. This paper provides a comprehensive and neutral analysis of salient security and privacy features (and issues) in these NSF-funded future Internet architectures. Prior surveys on future Internet architectures provide a limited, or even no, comparison on security and privacy features. In addition, this paper also compares the four candidate designs with the current IP-based architecture and discusses similarities, differences, and possible improvements. [ABSTRACT FROM AUTHOR]
- Published
- 2018
29. MDSClone: Multidimensional Scaling Aided Clone Detection in Internet of Things.
- Author
-
Lee, Po-Yen, Yu, Chia-Mu, Dargahi, Tooska, Conti, Mauro, and Bianchi, Giuseppe
- Abstract
Cloning is a very serious threat in the Internet of Things (IoT), owing to the simplicity for an attacker to gather configuration and authentication credentials from a non-tamper-proof node, and replicate it in the network. In this paper, we propose MDSClone, a novel clone detection method based on multidimensional scaling (MDS). MDSClone appears to be very well suited to IoT scenarios, as it: 1) detects clones without the need to know the geographical positions of nodes; 2) unlike prior methods, it can be applied to hybrid networks that comprise both static and mobile nodes, for which no mobility pattern may be assumed a priori. Moreover, a further advantage of MDSClone is that 3) the core part of the detection algorithm can be parallelized, resulting in an acceleration of the whole detection mechanism. Our thorough analytical and experimental evaluations demonstrate that MDSClone can achieve a 100% clone detection probability. Moreover, we propose several modifications to the original MDS calculation, which lead to over a 75% speed up in large scale scenarios. The demonstrated efficiency of MDSClone proves that it is a promising method towards a practical clone detection design in IoT. [ABSTRACT FROM PUBLISHER]
- Published
- 2018
30. A Novel Authentication and Key Agreement Scheme for Implantable Medical Devices Deployment.
- Author
-
Wazid, Mohammad, Das, Ashok Kumar, Kumar, Neeraj, Conti, Mauro, and Vasilakos, Athanasios V.
- Subjects
CONTRACTS, ARTIFICIAL implants, BLOOD sugar monitoring, INFORMATION technology, ANONYMITY
- Abstract
Implantable medical devices (IMDs) are man-made devices, which can be implanted in the human body to improve the functioning of various organs. The IMDs monitor and treat physiological condition of the human being (for example, monitoring of blood glucose level by insulin pump). The advancement of information and communication technology enhances the communication capabilities of IMDs. In healthcare applications, after mutual authentication, a user (for example, doctor) can access the health data from the IMDs implanted in a patient's body. However, in this kind of communication environment, there are always security and privacy issues, such as leakage of health data and malfunctioning of IMDs by an unauthorized access. To mitigate these issues, in this paper, we propose a new secure remote user authentication scheme for IMDs communication environment to overcome security and privacy issues in existing schemes. We provide the formal security verification using the widely accepted Automated Validation of Internet Security Protocols and Applications tool. We also provide the informal security analysis of the proposed scheme. The formal security verification and informal security analysis prove that the proposed scheme is secure against known attacks. The practical demonstration of the proposed scheme is performed using the broadly accepted NS2 simulation tool. The computation and communication costs of the proposed scheme are also comparable with the existing schemes. Moreover, the scheme provides additional functionality features, such as anonymity, untraceability, and dynamic implantable medical device addition. [ABSTRACT FROM AUTHOR]
- Published
- 2018
31. DELTA: Data Extraction and Logging Tool for Android.
- Author
-
Spolaor, Riccardo, Santo, Elia Dal, and Conti, Mauro
- Subjects
DATA extraction, LOGGING, INFORMATION theory, COMPUTATIONAL complexity
- Abstract
In recent years, the use of smartphones has increased exponentially, and so have their capabilities. Together with an increase in processing power, smartphones are now equipped with a variety of sensors and provide an extensive set of API. These capabilities allow us to extract data related to environment, user habits, and operating system itself. This data is extremely valuable in many research fields such as user authentication, intrusion, and information leaks detection. For these reasons, researchers need a solid and reliable logging tool to collect data from mobile devices. In this paper, we first survey the existing logging tools available on the Android platform, comparing their features and their impact on the system. Then, we present DELTA - Data Extraction and Logging Tool for Android, which improves the existing Android logging solutions in terms of flexibility, fine-grained tuning capabilities, extensibility, and available set of logging features. We fully implement DELTA and we run a thorough performance evaluation. The results show that our tool has a low impact on the performance of the system, on battery consumption, and on user experience. Finally, we make the DELTA source code available to the research community. [ABSTRACT FROM AUTHOR]
- Published
- 2018
32. Detecting Android Malware Leveraging Text Semantics of Network Flows.
- Author
-
Wang, Shanshan, Yan, Qiben, Chen, Zhenxiang, Yang, Bo, Zhao, Chuan, and Conti, Mauro
- Abstract
The emergence of malicious apps poses a serious threat to the Android platform. Most types of mobile malware rely on network interface to coordinate operations, steal users’ private information, and launch attack activities. In this paper, we propose an effective and automatic malware detection method using the text semantics of network traffic. In particular, we consider each HTTP flow generated by mobile apps as a text document, which can be processed by natural language processing to extract text-level features. Then, we use the text semantic features of network traffic to develop an effective malware detection model. In an evaluation using 31 706 benign flows and 5258 malicious flows, our method outperforms the existing approaches, and gets an accuracy of 99.15%. We also conduct experiments to verify that the method is effective in detecting newly discovered malware, and requires only a few samples to achieve a good detection result. When the detection model is applied to the real environment to detect unknown applications in the wild, the experimental results show that our method performs significantly better than other popular anti-virus scanners with a detection rate of 54.81%. Our method also reveals certain malware types that can avoid the detection of anti-virus scanners. In addition, we design a detection system on encrypted traffic for bring-your-own-device enterprise network, home network, and 3G/4G mobile network. The detection model is integrated into the system to discover suspicious network behaviors. [ABSTRACT FROM PUBLISHER]
- Published
- 2018
33. Provably Secure Authenticated Key Agreement Scheme for Smart Grid.
- Author
-
Odelu, Vanga, Das, Ashok Kumar, Wazid, Mohammad, and Conti, Mauro
- Abstract
Due to the rapid development of wireless communication systems, authentication becomes a key security component in smart grid environments. Authentication then plays an important role in the smart grid domain by providing a variety of security services including credentials’ privacy, session-key (SK) security, and secure mutual authentication. In this paper, we analyze the security of a recent relevant work in smart grid, and it is unfortunately not able to deal with SK-security and smart meter secret credentials’ privacy under the widely accepted Canetti–Krawczyk adversary (CK-adversary) model. We then propose a new efficient provably secure authenticated key agreement scheme for smart grid. Through the rigorous formal security analysis, we show that the proposed scheme achieves the well-known security functionalities including smart meter credentials’ privacy and SK-security under the CK-adversary model. The proposed scheme reduces the computation overheads for both smart meters and service providers. Furthermore, the proposed scheme offers more security functionalities as compared to the existing related schemes. [ABSTRACT FROM PUBLISHER]
- Published
- 2018
34. Robust Smartphone App Identification via Encrypted Network Traffic Analysis.
- Author
-
Taylor, Vincent F., Spolaor, Riccardo, Conti, Mauro, and Martinovic, Ivan
- Abstract
The apps installed on a smartphone can reveal much information about a user, such as their medical conditions, sexual orientation, or religious beliefs. In addition, the presence or absence of particular apps on a smartphone can inform an adversary, who is intent on attacking the device. In this paper, we show that a passive eavesdropper can feasibly identify smartphone apps by fingerprinting the network traffic that they send. Although SSL/TLS hides the payload of packets, side-channel data, such as packet size and direction is still leaked from encrypted connections. We use machine learning techniques to identify smartphone apps from this side-channel data. In addition to merely fingerprinting and identifying smartphone apps, we investigate how app fingerprints change over time, across devices, and across different versions of apps. In addition, we introduce strategies that enable our app classification system to identify and mitigate the effect of ambiguous traffic, i.e., traffic in common among apps, such as advertisement traffic. We fully implemented a framework to fingerprint apps and ran a thorough set of experiments to assess its performance. We fingerprinted 110 of the most popular apps in the Google Play Store and were able to identify them six months later with up to 96% accuracy. Additionally, we show that app fingerprints persist to varying extents across devices and app versions. [ABSTRACT FROM PUBLISHER]
- Published
- 2018
35. Toward the Development of Secure Underwater Acoustic Networks.
- Author
-
Lal, Chhagan, Petroccia, Roberto, Pelekanakis, Konstantinos, Conti, Mauro, and Alves, Joao
- Subjects
UNDERWATER acoustics, UNDERWATER acoustic communication, COMMUNICATION, WIRELESS communications, TELECOMMUNICATION systems
- Abstract
Underwater acoustic networks (UANs) have been recognized as an enabling technology for various applications in the maritime domain. The wireless nature of the acoustic medium makes UANs vulnerable to various malicious attacks, yet, limited consideration has been given to security challenges. In this paper, we outline a hybrid architecture that incorporates aspects of physical layer security, software defined networking, node cooperation, cross-layering, context-awareness, and cognition. The proposed architecture envisions strategies at the node as well as at the network level that adapt to environmental changes, the status of the network and the possible array of attacks. Several examples of attacks and countermeasures are discussed while deployment and functionality issues of the proposed architecture are taken into consideration. This work is not intended to represent a whatsoever proven solution but mainly to suggest future research directions to the scientific community working in the area of UANs. [ABSTRACT FROM AUTHOR]
- Published
- 2017
36. A Survey on the Security of Stateful SDN Data Planes.
- Author
-
Dargahi, Tooska, Caponi, Alberto, Ambrosin, Moreno, Bianchi, Giuseppe, and Conti, Mauro
- Published
- 2017
37. Drone Path Planning for Secure Positioning and Secure Position Verification.
- Author
-
Perazzo, Pericle, Sorbelli, Francesco Betti, Conti, Mauro, Dini, Gianluca, and Pinotti, Cristina M.
- Subjects
INDOOR positioning systems, SOFTWARE localization, ALGORITHMS, ANCHORS, PRINCIPAL components analysis
- Abstract
Many dependable systems rely on the integrity of the position of their components. In such systems, two key problems are secure localization and secure location verification of the components. Researchers proposed several solutions, which generally require expensive infrastructures of several fixed stations (anchors) with trusted positions. In this paper, we explore the approach of replacing all the fixed anchors with a single drone that flies through a sequence of waypoints. At each waypoint, the drone acts as an anchor and securely determines the positions. This approach completely eliminates the need for many expensive anchors. The main challenge becomes how to find a convenient path for the drone to do this for all the devices. The problem presents novel aspects, which make existing path planning algorithms unsuitable. We propose LocalizerBee, VerifierBee, and PreciseVerifierBee: three path planning algorithms that allow a drone to respectively measure, verify, and verify with a guaranteed precision a set of positions in a secure manner. They are able to securely localize all the positions in a generic deployment area, even in the presence of drone control errors. Moreover, they produce short path lengths and they run in a reasonable processing time. [ABSTRACT FROM AUTHOR]
- Published
- 2017
38. SLICOTS: An SDN-Based Lightweight Countermeasure for TCP SYN Flooding Attacks.
- Author
-
Mohammadi, Reza, Javidan, Reza, and Conti, Mauro
- Abstract
Software defined networking (SDN) is a novel networking paradigm which decouples control plane from data plane. This separation facilitates a high level of programmability and manageability. On the other hand, it makes the SDN controller a bottleneck and hence vulnerable to control plane saturation attack. One of the key mechanisms to achieve control plane saturation is via TCP SYN flooding attack. This is one of the most effective and popular denial of service attacks, in which the attacker produces many half-open TCP connections on the targeted server in order to degrade its availability. Furthermore, when applied to SDN, TCP SYN flooding attack also introduces control plane saturation attack. In particular, the attacker generates a significant number of TCP SYN packets and imposes data plane switches to forward them to the controller. As a result, the performance of the controller degrades and the controller will not be able to respond to genuine requests in acceptable time. In this paper, we propose SLICOTS, an effective and efficient countermeasure to mitigate TCP SYN flooding attack in SDN. SLICOTS takes the advantage of dynamic programmability nature of SDN to detect and prevent attacks. SLICOTS is implemented in the controller, it surveils ongoing TCP connection requests, and blocks malicious hosts. We implemented SLICOTS as an extension module of OpenDayLight controller and evaluated it under different attack scenarios. The experimental results confirm that, compared to the state-of-art, SLICOTS reduces the response time overhead up to some 50%, while ensuring the same level of protection. [ABSTRACT FROM PUBLISHER]
- Published
- 2017
39. LineSwitch: Tackling Control Plane Saturation Attacks in Software-Defined Networking.
- Author
-
Ambrosin, Moreno, Conti, Mauro, De Gaspari, Fabio, and Poovendran, Radha
- Subjects
SOFTWARE-defined networking, COMPUTER network software
- Abstract
Software defined networking (SDN) is a new networking paradigm that in recent years has revolutionized network architectures. At its core, SDN separates the data plane, which provides data forwarding functionalities, and the control plane, which implements the network control logic. The separation of these two components provides a virtually centralized point of control in the network, and at the same time abstracts the complexity of the underlying physical infrastructure. Unfortunately, while promising, the SDN approach also introduces new attacks and vulnerabilities. Indeed, previous research shows that, under certain traffic conditions, the required communication between the control and data plane can result in a bottleneck. An attacker can exploit this limitation to mount a new, network-wide, type of denial of service attack, known as the control plane saturation attack. This paper presents LineSwitch, an efficient and effective data plane solution to tackle the control plane saturation attack. LineSwitch employs probabilistic proxying and blacklisting of network traffic to prevent the attack from reaching the control plane, and thus preserve network functionality. We implemented LineSwitch as an extension of the reference SDN implementation, OpenFlow, and run a thorough set of experiments under different traffic and attack scenarios. We compared LineSwitch to the state of the art, and we show that it provides at the same time, the same level of protection against the control plane saturation attack, and a reduced time overhead by up to 30%. [ABSTRACT FROM AUTHOR]
- Published
- 2017
40. On the Feasibility of Attribute-Based Encryption on Internet of Things Devices.
- Author
-
Ambrosin, Moreno, Anzanpour, Arman, Conti, Mauro, Dargahi, Tooska, Moosavi, Sanaz Rahimi, Rahmani, Amir M., and Liljeberg, Pasi
- Subjects
INTERNET of things, DATA encryption, COMPUTER networks, ACQUISITION of data, COMPUTER security
- Abstract
The Internet of Things (IoT) is emerging with the pace of technology evolution, connecting people and things through the Internet. IoT devices enable large-scale data collection and sharing for a wide range of applications. However, it is challenging to securely manage interconnected IoT devices because the collected data could contain sensitive personal information. The authors believe that attribute-based encryption (ABE) could be an effective cryptographic tool for secure management of IoT devices. However, little research has addressed ABE's actual feasibility in the IoT thus far. This article investigates such feasibility considering well-known IoT platforms--specifically, Intel Galileo Gen 2, Intel Edison, Raspberry Pi 1 Model B, and Raspberry Pi Zero. A thorough evaluation confirms that adopting ABE in the IoT is indeed feasible. [ABSTRACT FROM AUTHOR]
- Published
- 2016
41. A Survey of Man In The Middle Attacks.
- Author
-
Conti, Mauro, Dragoni, Nicola, and Lesyk, Viktor
- Published
- 2016
42. Security Vulnerabilities and Countermeasures for Target Localization in Bio-NanoThings Communication Networks.
- Author
-
Giaretta, Alberto, Balasubramaniam, Sasitharan, and Conti, Mauro
- Abstract
The emergence of molecular communication has provided an avenue for developing biological nanonetworks. Synthetic biology is a platform that enables reprogramming cells, which we refer to as Bio-NanoThings, that can be assembled to create nanonetworks. In this paper, we focus on specific Bio-NanoThings, i.e., bacteria, where engineering their ability to emit or sense molecules can result in functionalities, such as cooperative target localization. Although this opens opportunities, e.g., for novel healthcare applications of the future, this can also lead to new problems, such as a new form of bioterrorism. In this paper, we investigate the disruptions that malicious Bio-NanoThings (M-BNTs) can create for molecular nanonetworks. In particular, we introduce two types of attacks: 1) blackhole and 2) sentry attacks. In the blackhole attack, M-BNTs emit attractant chemicals to draw-in the legitimate Bio-NanoThings (L-BNTs) from searching for their target, while in the sentry attack, the M-BNTs emit repellents to disperse the L-BNTs from reaching their target. We also present a countermeasure that L-BNTs can take to be resilient to the attacks, where we consider two forms of decision processes that include Bayes’ rule as well as a simple threshold approach. We run a thorough set of simulations to assess the effectiveness of the proposed attacks as well as the proposed countermeasure. Our results show that the attacks can significantly hinder the regular behavior of Bio-NanoThings, while the countermeasures are effective for protecting against such attacks. [ABSTRACT FROM PUBLISHER]
- Published
- 2016
43. Analyzing Android Encrypted Network Traffic to Identify User Actions.
- Author
-
Conti, Mauro, Mancini, Luigi Vincenzo, Spolaor, Riccardo, and Verde, Nino Vincenzo
- Abstract
Mobile devices can be maliciously exploited to violate the privacy of people. In most attack scenarios, the adversary takes the local or remote control of the mobile device, by leveraging a vulnerability of the system, hence sending back the collected information to some remote web service. In this paper, we consider a different adversary, who does not interact actively with the mobile device, but he is able to eavesdrop the network traffic of the device from the network side (e.g., controlling a Wi-Fi access point). The fact that the network traffic is often encrypted makes the attack even more challenging. In this paper, we investigate to what extent such an external attacker can identify the specific actions that a user is performing on her mobile apps. We design a system that achieves this goal using advanced machine learning techniques. We built a complete implementation of this system, and we also run a thorough set of experiments, which show that our attack can achieve accuracy and precision higher than 95%, for most of the considered actions. We compared our solution with the three state-of-the-art algorithms, confirming that our system outperforms all these direct competitors. [ABSTRACT FROM PUBLISHER]
- Published
- 2016
44. Employing Program Semantics for Malware Detection.
- Author
-
Naval, Smita, Laxmi, Vijay, Rajarajan, Muttukrishnan, Gaur, Manoj Singh, and Conti, Mauro
- Abstract
In recent years, malware has emerged as a critical security threat. In addition, malware authors continue to embed numerous anti-detection features to evade the existing malware detection approaches. Against this advanced class of malicious programs, dynamic behavior-based malware detection approaches outperform the traditional signature-based approaches by neutralizing the effects of obfuscation and morphing techniques. [ABSTRACT FROM PUBLISHER]
- Published
- 2015
45. Provable Storage Medium for Data Storage Outsourcing.
- Author
-
Guarino, Stefano, Canlar, Eyup S., Conti, Mauro, Pietro, Roberto Di, and Solanas, Agusti
- Abstract
In remote storage services, delays in the time to retrieve data can cause economic losses to the data owners. In this paper, we address the problem of properly establishing specific clauses in the service level agreement (SLA), intended to guarantee a short and predictable retrieval time. Based on the rationale that the retrieval time mainly depends on the storage media used at the server side, we introduce the concept of Provable Storage Medium (PSM), to denote the ability of a user to efficiently verify that the provider is complying to this aspect of the SLA. We propose PSM as an extension of Provable Data Possession (PDP): embedding challenge-response PDP schemes with measurements of the response time, both properties can be enforced without any need for the user to locally store nor download her data. We describe a realistic implementation of PSM in a scenario where data should be stored both in RAM and HDD. A thorough analysis shows that, even for relatively small challenges, the total time to compute and deliver the response is sensibly affected by the remarkable difference in the access time of the two supports. An extensive simulation campaign confirms the quality and viability of our proposal. [ABSTRACT FROM PUBLISHER]
- Published
- 2015
46. Leveraging Parallel Communications for Minimizing Energy Consumption on Smartphones.
- Author
-
Conti, Mauro, Crispo, Bruno, Diodati, Daniele, Nurminen, Jukka K., Pinotti, Cristina M., and Teemaa, Taavi
- Subjects
*PARALLEL computers, *COMPUTER networks, *ENERGY consumption of computers, *SMARTPHONES, *DELAY-tolerant networks
- Abstract
Recent energy measurements on smartphones have shown that parallel communications (e.g., data transfer and voice call) require less energy than their stand-alone execution. Guided by these results, we investigate the possibility of scheduling communications in pairs for minimizing the energy consumption. We define two energy optimization problems to postpone delay-tolerant services and perform them in parallel with real-time services in order to save energy. The first problem, called single delay-tolerant assignment (SDA), allows at most one delay-tolerant service to be paired with each real-time service, whereas the second problem, called multiple delay-tolerant assignment (MDA), allows multiple delay-tolerant services to be paired (in different times) with the same real-time service. For the SDA problem, we propose an optimal algorithm. For the MDA problem, which is computationally intractable, we give an approximation algorithm. We evaluate the benefits of the energy-efficient pairing strategy via simulations on synthetic traces. The MDA algorithm can save up to 60 percent of the energy consumption using 4G network assuming an intensive smartphone usage, while the SDA algorithm saves up to 20 percent. [ABSTRACT FROM AUTHOR]
- Published
- 2015
47. Android Security: A Survey of Issues, Malware Penetration, and Defenses.
- Author
-
Faruki, Parvez, Bharmal, Ammar, Laxmi, Vijay, Ganmoor, Vijay, Gaur, Manoj Singh, Conti, Mauro, and Rajarajan, Muttukrishnan
- Published
- 2015
48. Smart health: A context-aware health paradigm within smart cities.
- Author
-
Solanas, Agusti, Patsakis, Constantinos, Conti, Mauro, Vlachos, Ioannis, Ramos, Victoria, Falcone, Francisco, Postolache, Octavian, Perez-martinez, Pablo, Pietro, Roberto, Perrea, Despina, and Martinez-Balleste, Antoni
- Subjects
MOBILE health, MEDICAL care research, WIRELESS communications, MOBILE communication systems, TELECOMMUNICATION research
- Abstract
The new era of mobile health ushered in by the wide adoption of ubiquitous computing and mobile communications has brought opportunities for governments and companies to rethink their concept of healthcare. Simultaneously, the worldwide urbanization process represents a formidable challenge and attracts attention toward cities that are expected to gather higher populations and provide citizens with services in an efficient and human manner. These two trends have led to the appearance of mobile health and smart cities. In this article we introduce the new concept of smart health, which is the context-aware complement of mobile health within smart cities. We provide an overview of the main fields of knowledge that are involved in the process of building this new concept. Additionally, we discuss the main challenges and opportunities that s-Health would imply and provide a common ground for further research. [ABSTRACT FROM PUBLISHER]
- Published
- 2014
49. An Anonymous End-to-End Communication Protocol for Mobile Cloud Environments.
- Author
-
Ardagna, Claudio A., Conti, Mauro, Leone, Mario, and Stefa, Julinda
- Abstract
The increasing spread of mobile cloud computing paradigm is changing the traditional mobile communication infrastructure. Today, smartphones can rely on virtual (software) “clones” in the cloud, offering backup/recovery solutions as well as the possibility to offload computations. As a result, clones increase the communication and computation capabilities of smartphones, making their limited batteries last longer. Unfortunately, mobile cloud introduces new privacy risks, since personal information of the communicating users is distributed among several parties (e.g., cellular network operator, cloud provider). In this paper, we propose a solution implementing an end-to-end anonymous communication protocol between two users in the network, which leverages properties of social networks and ad hoc wireless networks. We consider an adversary model where each party observing a portion of the communication possibly colludes with others to uncover the identity of communicating users. We then extensively analyze the security of our protocol and the anonymity preserved against the above adversaries. Most importantly, we assess the performance of our solution by comparing it to Tor on a real testbed of 36 smartphones and relative clones running on Amazon EC2 platform. [ABSTRACT FROM PUBLISHER]
- Published
- 2014
50. Fast and Secure Multihop Broadcast Solutions for Intervehicular Communication.
- Author
-
Ben Jaballah, Wafa, Conti, Mauro, Mosbah, Mohamed, and Palazzi, Claudio E.
- Abstract
Intervehicular communication (IVC) is an important emerging research area that is expected to considerably contribute to traffic safety and efficiency. In this context, many possible IVC applications share the common need for fast multihop message propagation, including information such as position, direction, and speed. However, it is crucial for such a data exchange system to be resilient to security attacks. Conversely, a malicious vehicle might inject incorrect information into the intervehicle wireless links, leading to life and money losses or to any other sort of adversarial selfishness (e.g., traffic redirection for the adversarial benefit). In this paper, we analyze attacks to the state-of-the-art IVC-based safety applications. Furthermore, this analysis leads us to design a fast and secure multihop broadcast algorithm for vehicular communication, which is proved to be resilient to the aforementioned attacks. [ABSTRACT FROM PUBLISHER]
- Published
- 2014
Discovery Service for Jio Institute Digital Library