Your search keyword '"Gianmarco Baldini"' showing total 38 results

1. A Survey of Cybersecurity Certification for the Internet of Things

Author

Gianmarco Baldini, Sara N. Matheu, Jose L. Hernandez-Ramos, and Antonio F. Skarmeta

Subjects

ComputingMilieux_THECOMPUTINGPROFESSION, General Computer Science, business.industry, Computer science, Corporate governance, ComputingMilieux_LEGALASPECTSOFCOMPUTING, 020207 software engineering, 02 engineering and technology, Certification, Computer security, computer.software_genre, Security testing, Theoretical Computer Science, Work (electrical), Multidisciplinary approach, 020204 information systems, 0202 electrical engineering, electronic engineering, information engineering, Internet of Things, business, Baseline (configuration management), computer

Abstract

In recent years, cybersecurity certification is gaining momentum as the baseline to build a structured approach to mitigate cybersecurity risks in the Internet of Things (IoT). This initiative is driven by industry, governmental institutions, and research communities, which have the goal to make IoT more secure for the end-users. In this survey, we analyze the current cybersecurity certification schemes, as well as the potential challenges to make them applicable for the IoT ecosystem. We also examine current efforts related to risk assessment and testing processes, which are widely recognized as the processes to build a cybersecurity certification framework. Our work provides a multidisciplinary perspective of a possible IoT cybersecurity certification framework by integrating research and technical tools and processes with policies and governance structures, which are analyzed against a set of identified challenges. This survey is intended to give a comprehensive overview of cybersecurity certification to facilitate the definition of a framework that fits in emerging scenarios, such as the IoT paradigm.

Published

2020

2. An Interledger Blockchain Platform for Cross-Border Management of Cybersecurity Information

Author

Dmitrij Lagutin, Gianmarco Baldini, Antonio F. Skarmeta, Jose L. Hernandez-Ramos, Sara N. Matheu-Garcia, Pekka Nikander, Ricardo Neisse, Vasilios A. Siris, European Commission Joint Research Centre Institute, University of Murcia, Athens University of Economics and Business, Department of Communications and Networking, Network Security and Trust, Aalto-yliopisto, and Aalto University

Subjects

blockchain, certification, Computer Networks and Communications, Interoperability, ComputingMilieux_LEGALASPECTSOFCOMPUTING, security, 02 engineering and technology, Certification, Computer security, computer.software_genre, Blockchain, 0202 electrical engineering, electronic engineering, information engineering, Interledger, media_common.cataloged_instance, European union, media_common, ComputingMilieux_THECOMPUTINGPROFESSION, business.industry, 020206 networking & telecommunications, NIS, Information and Communications Technology, Software deployment, Cybersecurity Certification, Transparency (graphic), Accountability, The Internet, Business, computer

Abstract

Cybersecurity certification is a core notion to support the mitigation of cybersecurity risks of Information and Communication Technologies (ICT). At the European Union (EU) level, the Cybersecurity Act establishes a common cybersecurity certification framework supporting the coexistence of different certification schemes across Member States. However, its realization needs to be sustained by technical approaches to enable ICT stakeholders from different sectors or countries to exchange cybersecurity information and evaluate the up-to-date security level of an ICT system throughout their lifecycle. Toward this end, we propose a blockchain-based platform using a novel interledger design, where ledgers associated with ICT artifacts, cybersecurity certificates, and vulnerabilities are interconnected. The main purpose is to leverage the advantages of blockchain in terms of distributed trust, transparency, and accountability, while at the same time coping with scalability, performance, and interoperability requirements. We analyze the impact of our platform in the current EU legislation and provide insights for its deployment.

Published

2020

3. Opposing Data Exploitation: Behaviour Biometrics for Privacy-Preserving Authentication in IoT Environments

Author

Gianmarco Baldini, Veljko Pejovic, and Andraž Krašovec

Subjects

Authentication, Biometrics, business.industry, Computer science, Computer security, computer.software_genre, Adversarial system, Identification (information), Projection (relational algebra), Obfuscation, Identity (object-oriented programming), Internet of Things, business, computer

Abstract

Multimodal data harvested by the Internet of Things sensors has recently been utilised for behavioural biometrics and consequently user authentication. While strengthening the security, these data nevertheless present a privacy threat to users whose behaviour can now be modelled in detail, thus allowing the authenticating authority to not only know who is present, but also what the present person is doing. In this work we reconsider IoT sensor-based authentication and provide a solution mitigating the privacy risk associated with unnecessary information leaks. Our approach harnesses adversarial learning and identifies such a projection of the data that maintains identity separability, yet obfuscates activity separability, thus ensuring that the authenticating authority can successfully identify the user, but not her actions within the sensed environment. We evaluate our approach on a real-world dataset of three activities performed by fifteen users and show that the activity obfuscation is achieved without compromising identification capabilities.

Published

2021

4. Mitigation of Privacy Threats due to Encrypted Traffic Analysis through a Policy-Based Framework and MUD Profiles

Author

Mateusz Nowak, Sławomir Nowak, Gianmarco Baldini, Jose L. Hernandez-Ramos, and Ricardo Neisse

Subjects

Traffic analysis, Physics and Astronomy (miscellaneous), Computer science, General Mathematics, Cryptography, 02 engineering and technology, Web access, Time based, Encryption, Computer security, computer.software_genre, privacy, machine learning, encrypted traffic, policy based framework, 0202 electrical engineering, electronic engineering, information engineering, Computer Science (miscellaneous), Voice over IP, business.industry, lcsh:Mathematics, 020206 networking & telecommunications, lcsh:QA1-939, Chemistry (miscellaneous), Software deployment, 020201 artificial intelligence & image processing, business, Classifier (UML), computer

Abstract

It has been proven in research literature that the analysis of encrypted traffic with statistical analysis and machine learning can reveal the type of activities performed by a user accessing the network, thus leading to privacy risks. In particular, different types of traffic (e.g., skype, web access) can be identified by extracting time based features and using them in a classifier. Such privacy attacks are asymmetric because a limited amount of resources (e.g., machine learning algorithms) can extract information from encrypted traffic generated by cryptographic systems implemented with a significant amount of resources. To mitigate privacy risks, studies in research literature have proposed a number of techniques, but in most cases only a single technique is applied, which can lead to limited effectiveness. This paper proposes a mitigation approach for privacy risks related to the analysis of encrypted traffic which is based on the integration of three main components: (1) A machine learning component which proactively analyzes the encrypted traffic in the network to identify potential privacy threats and evaluate the effectiveness of various mitigation techniques (e.g., obfuscation), (2) a policy based component where policies are used to enforce privacy mitigation solutions in the network and (3) a network node profile component based on the Manufacturer Usage Description (MUD) standard to enable changes in the network nodes in the cases where the first two components are not effective in mitigating the privacy risks. This paper describes the different components and how they interact in a potential deployment scenario. The approach is evaluated on the public dataset ISCXVPN2016 and the results show that the privacy threat can be mitigated significantly by removing completely the identification of specific types of traffic or by decreasing the probability of their identification as in the case of VOIP by 50%, Chat by 40% and Browsing by 33%, thus reducing significantly the privacy risk.

Published

2020

5. Autopolicy: Automated Traffic Policing for Improved IoT Network Security

Author

Gianmarco Baldini, Paweł Foremski, Piotr Fröhlich, Sławomir Nowak, and Jose L. Hernandez-Ramos

Subjects

Computer science, Network security, Internet of Things, Denial-of-service attack, 02 engineering and technology, Network interface, security, Computer security, computer.software_genre, lcsh:Chemical technology, Biochemistry, Article, Analytical Chemistry, Firewall (construction), sensor networks, 0202 electrical engineering, electronic engineering, information engineering, lcsh:TP1-1185, DNS spoofing, Electrical and Electronic Engineering, Instrumentation, traffic policing, business.industry, ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS, 020206 networking & telecommunications, Internet traffic, packet filtering, Atomic and Molecular Physics, and Optics, Software-Defined Networking, firewall, Distributed Denial of Service, 020201 artificial intelligence & image processing, The Internet, business, Software-defined networking, Wireless sensor network, computer

Abstract

A 2.3Tbps DDoS attack was recently mitigated by Amazon, which is a new record after the 2018 GitHub attack, or the famous 2016 Dyn DNS attack launched from hundreds of thousands of hijacked Internet of Things (IoT) devices. These attacks may disrupt the lives of billions of people worldwide, as we increasingly rely on the Internet. In this paper, we tackle the problem that hijacked IoT devices are often the origin of these attacks. With the goal of protecting the Internet and local networks, we propose Autopolicy: a system that automatically limits the IP traffic bandwidth&mdash, and other network resources&mdash, available to IoT devices in a particular network. We make use of the fact that devices, such as sensors, cameras, and smart home appliances, rarely need their high-speed network interfaces for normal operation. We present a simple yet flexible architecture for Autopolicy, specifying its functional blocks, message sequences, and general operation in a Software Defined Network. We present the experimental validation results, and release a prototype open source implementation.

Published

2020

6. Updating IoT devices: challenges and potential approaches

Author

Sara N. Matheu, Gianmarco Baldini, Antonio F. Skarmeta, and Jose L. Hernandez-Ramos

Subjects

Focus (computing), business.industry, Computer science, Firmware, Vulnerability, Computer security, computer.software_genre, Software, Software deployment, Scalability, Set (psychology), Internet of Things, business, computer

Abstract

The deployment of IoT devices is fostering the realization of an increasingly digital society. However, the features of such devices make them attractive targets for potential attackers. Indeed, each device will have to deal with new vulnerabilities and attacks during its lifecycle. Therefore, defining a secure mechanism for software/firmware updates is essential to guarantee the security of IoT devices. Although different approaches have been proposed in recent years, currently there is a lack of comprehensive approaches to address different requirements, such as scalability, efficiency, or management of versions and dependencies. In this work, we describe a set of challenges and analyze the current landscape of solutions for software/firmware updates in IoT devices. In particular, we focus our analysis on the IETF SUIT working group, as well as blockchain-based solutions, which have attracted a significant interest recently.

Published

2020

7. An Analysis of the Privacy Threat in Vehicular Ad Hoc Networks due to Radio Frequency Fingerprinting

Author

Raimondo Giuliani, Gianmarco Baldini, and Eduardo Cano Pons

Subjects

021110 strategic, defence & security studies, Article Subject, Data anonymization, Computer Networks and Communications, business.industry, Wireless ad hoc network, Computer science, 0211 other engineering and technologies, Physical layer, 020206 networking & telecommunications, TK5101-6720, 02 engineering and technology, Vehicle-to-vehicle, Computer security, computer.software_genre, Application layer, Dedicated short-range communications, Computer Science Applications, Telecommunication, 0202 electrical engineering, electronic engineering, information engineering, Wireless, Fading, business, computer, Computer network

Abstract

In Vehicular Ad Hoc Networks (VANETs) used in the road transportation sector, privacy risks may arise because vehicles could be tracked on the basis of the information transmitted by the Vehicle to Vehicle (V2V) and Vehicle to Infrastructure (V2I) communications implemented with the Dedicated Short Range Communications (DSRC) standards operating at 5.9 GHz. Various techniques have been proposed in the literature to mitigate these privacy risks including the use of pseudonym schemes, but they are mostly focused on data anonymization at the network and application layer. At the physical layer, the capability to accurately identify and fingerprint wireless devices through their radio frequency (RF) emissions has been demonstrated in the literature. This capability may generate a privacy threat because vehicles can be tracked using the RF emissions of their DSRC devices. This paper investigates the privacy risks related to RF fingerprinting to determine if privacy breaches are feasible in practice. In particular, this paper analyzes the tracking accuracy in challenging RF environments with high attenuation and fading.

Published

2017

8. Risk-based automated assessment and testing for the cybersecurity certification and labelling of IoT devices

Author

Jose L. Hernandez-Ramos, Antonio F. Skarmeta, Sara N. Matheu-Garcia, and Gianmarco Baldini

Subjects

General Computer Science, Scope (project management), Process (engineering), Computer science, 020206 networking & telecommunications, 020207 software engineering, 02 engineering and technology, Certification, Computer security, computer.software_genre, Security testing, Computer Science Applications, Hardware and Architecture, ISO 31000, Proof of concept, Transparency (graphic), 0202 electrical engineering, electronic engineering, information engineering, Risk assessment, Law, computer, Software

Abstract

Nowadays, security aspects represent one of the most significant barriers for the adoption of large-scale Internet of Things (IoT) deployments. In this sense, being able to certify and communicate the security level of a certain device is crucial for their acceptance. Towards this end, we propose a security certification methodology designed for IoT to empower different stakeholders with the ability to assess security solutions for large-scale IoT deployments in an automated way. It also supports transparency on the IoT security level to the consumers because the methodology provides a label as one of the main results of the certification process. The certification approach represents an instantiation of the Risk-based Security Assessment and Testing methodologies presented by ETSI based on the ISO 31000 and ISO 29119, and it is built on top of different technologies and approaches for security testing and risk assessment adapted to the IoT landscape. As a proof of concept, the proposed methodology is applied to one of the scenarios proposed in the scope of the Horizon 2020 ARMOUR project for assessing the fulfillment of several security properties of IoT devices.

Published

2019

9. Ethical Design in the Internet of Things

Author

Gianmarco Baldini, Mariachiara Tallacchini, Maarten Botterman, and Ricardo Neisse

Subjects

Engineering, Technology, Health (social science), Internet of Things, 02 engineering and technology, Personalization, Management of Technology and Innovation, Agency (sociology), 0202 electrical engineering, electronic engineering, information engineering, Settore IUS/20 - FILOSOFIA DEL DIRITTO, Digital divide, Informed Consent, Health Policy, Data Collection, 06 humanities and the arts, Identification (information), Policy, Privacy, The Internet, Empowerment, Information Technology, IoT, Internet privacy, Context (language use), Disclosure, 0603 philosophy, ethics and religion, Morals, Users’ empowerment, Health(social science), World Wide Web, Stakeholder Participation, 020204 information systems, Humans, Ethics, Business, Computer Security, Ethics, Original Paper, Internet, business.industry, Community Participation, Transparency (behavior), Issues, ethics and legal aspects, Agency, Software deployment, Personal Autonomy, 060301 applied ethics, Power, Psychological, business, Delivery of Health Care

Abstract

Even though public awareness about privacy risks in the Internet is increasing, in the evolution of the Internet to the Internet of Things (IoT) these risks are likely to become more relevant due to the large amount of data collected and processed by the “Things”. The business drivers for exploring ways to monetize such data are one of the challenges identified in this paper for the protection of Privacy in the IoT. Beyond the protection of privacy, this paper highlights the need for new approaches, which grant a more active role to the users of the IoT and which address other potential issues such as the Digital Divide or safety risks. A key facet in ethical design is the transparency of the technology and services in how that technology handles data, as well as providing choice for the user. This paper presents a new approach for users’ interaction with the IoT, which is based on the concept of Ethical Design implemented through a policy-based framework. In the proposed framework, users are provided with wider controls over personal data or the IoT services by selecting specific sets of policies, which can be tailored according to users’ capabilities and to the contexts where they operate. The potential deployment of the framework in a typical IoT context is described with the identification of the main stakeholders and the processes that should be put in place.

Published

2016

10. SecKit: A Model-based Security Toolkit for the Internet of Things

Author

Ricardo Neisse, Igor Nai Fovino, Gary Steri, and Gianmarco Baldini

Subjects

General Computer Science, Standardization, Computer science, Interoperability, Internet of Things, Context (language use), Usage control, Computer security, computer.software_genre, Security policy, Smart city, Trust management (information system), Trust management, business.industry, Model-based, Management, Software deployment, Scalability, Security, business, computer, Law, Policy-based management, Computer Science(all)

Abstract

The control and protection of user data is a very important aspect in the design and deployment of the Internet of Things (IoT). The heterogeneity of IoT technologies, the large number of devices and systems, and the different types of users and roles create important challenges in this context. In particular, requirements of scalability, interoperability, trust and privacy are difficult to address even with the considerable amount of existing work both in the research and standardization community. In this paper we propose a Model-based Security Toolkit, which is integrated in a management framework for IoT devices, and supports specification and efficient evaluation of security policies to enable the protection of user data. Our framework is applied to a Smart City scenario in order to demonstrate its feasibility and performance.

Published

2015

11. Privacy-preserving attribute-based credentials in cooperative intelligent transport systems

Author

Gregory Neven, Ricardo Neisse, Jan Camenisch, and Gianmarco Baldini

Subjects

Authentication, business.industry, Computer science, 020206 networking & telecommunications, Cryptography, 02 engineering and technology, Pseudonym, Computer security, computer.software_genre, Credential, Signature (logic), 0202 electrical engineering, electronic engineering, information engineering, Key (cryptography), ComputingMilieux_COMPUTERSANDSOCIETY, 020201 artificial intelligence & image processing, business, Implementation, Intelligent transportation system, computer

Abstract

In Cooperative Intelligent Transport Systemss (C-ITSs), vehicles broadcast their location and other information over dedicated short-range radio channels. This communication must be authenticated to protect the information against tampering, but at the same time must be anonymous to protect the location privacy of the driver. The most prominent C-ITS solutions today let vehicles either store large numbers of preloaded pseudonym certificates, or let them regularly fetch new pseudonyms from an online authority. More advanced solutions based on group signatures or anonymous credentials allow vehicles to generate arbitrarily many pseudonyms locally, without requiring further interaction. These solutions, however, are vulnerable to Sybil attacks, as the compromised key material of a single vehicle could be used to impersonate an arbitrary number of vehicles simultaneously. In this paper, we propose a new generic approach for C-ITS authentication based on privacy-preserving Attribute-Based Credential (ABC) that generates pseudonyms locally on the vehicle, but where only one valid pseudonym can be generated at any given time. The computational performance and signature sizes of current Privacy-ABC schemes makes them more useful for low-frequency warning messages than for high-frequency beaconing. We therefore see our approach rather as a conceptual framework that can direct further research into more efficient dedicated implementations.

Published

2017

12. A wireless propagation analysis for the frequency of the pseudonym changes to support privacy in VANETs

Author

Gianmarco Baldini, Dimitrios Geneiatakis, and Eduardo Cano Pons

Subjects

Authentication, business.industry, Computer science, Wireless ad hoc network, ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS, Physical layer, 020206 networking & telecommunications, 02 engineering and technology, Computer security, computer.software_genre, Dedicated short-range communications, 0202 electrical engineering, electronic engineering, information engineering, Key (cryptography), Wireless, 020201 artificial intelligence & image processing, Fading, business, Intelligent transportation system, computer, Computer network

Abstract

Vehicle Ad Hoc Networks (VANETs) in Cooperative Intelligent Transport Systems (C-ITS) are based on the exchanges of messages among ITS-Stations (e.g., vehicles and roadside infrastructure) using the wireless G5 Dedicated Short Rate Communication (DSRC) standard to support safety-critical applications. VANETs require the authentication of ITS-stations and messages but the privacy of the drivers of the vehicles must be supported. In recent years, researchers have proposed solutions to mitigate privacy risks based on the use of pseudonyms. A key design decision is related to the frequency of the change of pseudonyms. The activity of a vehicle under one pseudonym can be linked to another thus providing traceability of the vehicle and a privacy risk for the driver. To prevent link-ability of actions, the vehicle must change pseudonyms over time. In this paper, the authors propose a radio frequency physical layer analysis to determine the frequency of the pseudonym changes. The rationale is that different wireless propagation conditions will impact the capability of the privacy attacker to trace the vehicle, thus reducing the need to frequently change the pseudonyms. The analysis has been performed in different channel fading conditions and for different relative speed values.

Published

2017

13. Security and privacy issues for an IoT based smart home

Author

Ioannis Kounelis, Ricardo Neisse, Dimitris Geneiatakis, Gary Steri, Gianmarco Baldini, and Igor Nai-Fovino

Subjects

Service (systems architecture), Information privacy, Cloud computing security, business.industry, Smart objects, Privacy software, Computer science, Internet privacy, 020206 networking & telecommunications, Cloud computing, 02 engineering and technology, Computer security, computer.software_genre, Home automation, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, business, Mobile device, computer

Abstract

Internet of Things (IoT) can support numerous applications and services in various domains, such as smart cities and smart homes. IoT smart objects interact with other components e.g., proxies, mobile devices, and data collectors, for management, data sharing and other activities in the context of the provided service. Though such components contribute to address various societal challenges and provide new advanced services for users, their limited processing capabilities make them vulnerable to well-known security and privacy threats. Until now various research works have studied security and privacy in IoT, validating this claim. However, to the best of our knowledge literature lacks research focusing on security and privacy flaws introduced in IoT through interactions among different devices supporting a smart home architecture. In particular, we set up the scene for a security and privacy threat analysis for a typical smart home architecture using off the shelf components. To do so, we employ a smart home IoT architecture that enables users to interact with it through various devices that support smart house management, and we analyze different scenarios to identify possible security and privacy issues for users.

Published

2017

14. Public Protection and Disaster Relief Communication System Integrity: A Radio-Flexibility and Identity-Based Cryptography Approach

Author

Marco Taddeo, Antonio Maria Cipriano, Gianmarco Baldini, Nikos Dimitriou, Andreas Polydoros, and Igor Nai Fovino

Subjects

Vehicular ad hoc network, Network security, business.industry, Computer science, Wireless network, Wireless ad hoc network, Mobile computing, Cryptography, Mobile ad hoc network, Ad hoc wireless distribution service, Computer security, computer.software_genre, Automotive Engineering, business, computer, Computer network

Abstract

This article describes the application of radio flexibility for designing public protection and disaster relief (PPDR) wireless networks (NETs) in support of PPDR special needs, primary among which is information- transport resilience. It focuses further on the central role of mobile ad hoc NETs as the ground-segment element of the total architecture since the eventual solution must support rapid, robust, secure, scalable, and connectivityoriented communications. Research challenges associated with the provision of the necessary diversity at all communication layers as a means to such robustness are identified. Security aspects are addressed through a signature scheme based on identity key cryptography. Finally, a use case based on flexible multihop mobile ad hoc network (MANET) path establishment for harsh environments is presented.

Published

2014

15. Public Safety Mobile Broadband: A Techno-Economic Perspective

Author

R. Pisz, Gianmarco Baldini, Oriol Sallent, Ramon Ferrus, Universitat Politècnica de Catalunya. Departament de Teoria del Senyal i Comunicacions, and Universitat Politècnica de Catalunya. GRCM - Grup de Recerca en Comunicacions Mòbils

Subjects

Mobile radio, Engineering, Enginyeria de la telecomunicació::Telemàtica i xarxes d'ordinadors [Àrees temàtiques de la UPC], Wireless communication, Public policy, Broadband networks, public protection and disaster relief organizations, Broadband, 050801 communication & media studies, 02 engineering and technology, Enginyeria de la telecomunicació::Radiocomunicació i exploració electromagnètica [Àrees temàtiques de la UPC], Mobile communication, Computer security, computer.software_genre, economic roots, 0508 media and communications, public safety mobile broadband, 0202 electrical engineering, electronic engineering, information engineering, Wireless, Broadband communication systems, Professional mobile radio, techno-economic perspective, business.industry, Mobile broadband, 05 social sciences, 020206 networking & telecommunications, Provisioning, voice-centric services, Telecomunicació de banda ampla, Sistemes de, wireless communications, private/professional mobile radio technologies, PPDR mobile broadband communications, Automotive Engineering, Mobile telephony, business, Telecommunications, computer, mobile data-centric applications

Abstract

Wireless communications are critical to supporting the operational capabilities of public protection and disaster relief (PPDR) organizations. The private/professional mobile radio (PMR) technologies currently used for PPDR communications offer a rich set of voice-centric services [e.g., push-to-talk (PTT) group calls] but have very limited data transmission capabilities and are unable to cope with increasing demands in the PPDR community for mobile data-centric applications. Introducing PPDR mobile broadband communications faces a number of technical and economic/business challenges. It is believed that the current paradigm for PPDR communications provisioning based on dedicated technologies, dedicated networks, and dedicated spectrum no longer constitutes the main approach for introducing PPDR mobile broadband, and hence new paradigms and innovative solutions are needed. Thus, this article first identifies and discusses the main techno-economic drivers across the technology, network, and spectrum dimensions that are anticipated to lay the foundations for future PPDR communications to be efficient and cost-effective. Then, relevant estimations and illustrative figures are provided to add perspective and valuable insight into the economic roots of the envisioned future PPDR mobile broadband communications.

Published

2013

16. Informed consent in Internet of Things: The case study of cooperative intelligent transport systems

Author

Ricardo Neisse, Gianmarco Baldini, Vincent Mahieu, and Gary Steri

Subjects

Information privacy, Computer science, business.industry, Privacy policy, media_common.quotation_subject, Internet privacy, Authorization, Context (language use), 02 engineering and technology, Computer security, computer.software_genre, Informed consent, Information and Communications Technology, 020204 information systems, 0202 electrical engineering, electronic engineering, information engineering, Data Protection Act 1998, 020201 artificial intelligence & image processing, Element (criminal law), Function (engineering), business, computer, Intelligent transportation system, media_common

Abstract

Informed Consent is an important element for data protection of Information and Communication Technology (ICT) systems as the consent of a data subject (e.g., the citizen) is often necessary for a third party to legitimately process personal data. To provide informed consent regarding the use of personal data, the citizen must have a clear understanding on how his/her personal data will be used by the system. This may not be an easy task in the upcoming paradigm of Internet of Things (IoT) where personal data can be collected without the full awareness of the user. A specific case study of IoT is Cooperative Intelligent Transport Systems (ITS), where vehicles will be capable of broadcasting or receiving data that allow them to communicate with each other and/or with the road infrastructure. C-ITS equipped vehicles constantly broadcasting data, including their speed and location may generate privacy risks, which must be addressed. While various privacy mitigation techniques have been proposed in literature, one key function is the provision of informed consent. This paper will describe a potential implementation for informed consent in C-ITS using a policy-based framework, where privacy settings and preferences can be defined by the user, thus empowering the user in the control of his/her private data.

Published

2016

17. Distributed access control policies for spectrum sharing

Author

Igor Nai Fovino, Stefano Braghin, Gianmarco Baldini, and Alberto Trombetta

Subjects

Computer Networks and Communications, business.industry, Computer science, media_common.quotation_subject, Access control, Computer security, computer.software_genre, Spectrum management, Domain (software engineering), Negotiation, Cognitive radio, Transmission (telecommunications), Wireless, State (computer science), business, Telecommunications, computer, Information Systems, media_common

Abstract

Cognitive radio is a novel wireless communication technology that allows for adaptive configuration of the reception parameters of a terminal, based on the information collected from the environment. Cognitive radio technology can be used in innovative spectrum management approaches such as spectrum sharing, where radio frequency spectral bands can be shared among various users through a dynamic exclusive-use spectrum access model. Spectrum sharing can be applied to various scenarios in the commercial, public safety and military domain. In some scenarios, spectrum sharing demands a mechanism for expressing and enforcing access control policies for the allocation of resources including spectral bands. The access control polices should state what are the available resources (e.g., transmission/reception bandwidths), what are the users that are allowed to access them and under what conditions. However, because of the intrinsically highly dynamic nature of specific scenarios (e.g., public safety, military), where parties with various levels of authority may suddenly appear, it may be difficult to establish in advance what are the most suitable access control policies. Trust negotiation is a well-known approach for expressing and enforcing distributed access control policies that depend on two or more parties. In this work, we present a trust negotiation-based framework that allows for the definition of highly expressive and flexible distributed access control policies for the allocation of spectrum resources. Copyright © 2012 John Wiley & Sons, Ltd.

Published

2012

18. Securing disaster supply chains with cryptography enhanced RFID

Author

Hermann Seuschek, Michael Braun, Gianmarco Baldini, Erwin Hess, and Franco Oliveri

Subjects

Engineering, Health (social science), Supply chain management, Humanitarian Logistics, Emergency management, business.industry, Supply chain, Public Health, Environmental and Occupational Health, Distribution management system, Management, Monitoring, Policy and Law, Computer security, computer.software_genre, ddc, Software deployment, Environmental Management/Environment, Radio-frequency identification, business, Natural disaster, computer

Abstract

PurposeHumanitarian logistics is an essential element of disaster management and it presents many challenges due to the unique disaster relief environment. The paper describes the main features and challenges of humanitarian logistics and the potential role of technology. Radio frequency identification (RFID) technology has been increasingly considered to improve the efficiency of supply chain management. Security is an important requirement for disaster management. The purpose of this paper is to propose and describe the application of secure RFID technology to improve the management and security of relief supply chains.Design/methodology/approachThe paper describes the challenges of disaster of supply chains and how secure RFID can address them in the overall framework of disaster management.FindingsThe paper describes the efficiency of the crypotgraphic algorithm used in the design of the secure RFID, the system architecture and the deployment workflow.Practical implicationsThe establishment of a logistics tracking framework based on secure RFID has the potential to greatly increase the effectiveness of future emergency crises response operations.Originality/valueThe originality of the paper is to present the application of secure RFID to the context of disaster management, where the security of supply chains is often not addressed.

Published

2012

19. The EULER project: application of software defined radio in joint security operations

Author

Christophe Moy, Gianmarco Baldini, R. Dopico, Taj A. Sturman, Timo Braysy, Marco Luise, F. Vergari, O. Picchi, European Commission - Joint Research Centre [Ispra] (JRC), Astrium [Toulouse], EADS - European Aeronautic Defense and Space, Institut d'Électronique et des Technologies du numéRique (IETR), Université de Nantes (UN)-Université de Rennes (UR)-Institut National des Sciences Appliquées - Rennes (INSA Rennes), Institut National des Sciences Appliquées (INSA)-Institut National des Sciences Appliquées (INSA)-CentraleSupélec-Centre National de la Recherche Scientifique (CNRS), Centre for Wireless Communications [University of Oulu] (CWC), University of Oulu, Nantes Université (NU)-Université de Rennes 1 (UR1), Université de Rennes (UNIV-RENNES)-Université de Rennes (UNIV-RENNES)-Institut National des Sciences Appliquées - Rennes (INSA Rennes), Institut National des Sciences Appliquées (INSA)-Université de Rennes (UNIV-RENNES)-Institut National des Sciences Appliquées (INSA)-CentraleSupélec-Centre National de la Recherche Scientifique (CNRS), and Université de Nantes (UN)-Université de Rennes 1 (UR1)

Subjects

Computer Networks and Communications, Computer science, Interoperability, interoperability, 02 engineering and technology, Computer security, computer.software_genre, 030507 speech-language pathology & audiology, 03 medical and health sciences, Disaster area, Software portability, 0202 electrical engineering, electronic engineering, information engineering, Electrical and Electronic Engineering, SDR, Natural disaster, PPDR, Software Communications Architecture, 020206 networking & telecommunications, Software-defined radio, SCA, Information assurance, [SPI.TRON]Engineering Sciences [physics]/Electronics, Computer Science Applications, IEEE, 13. Climate action, Terrorism, 0305 other medical science, Software architecture, computer, CRS

Abstract

The task of improving the effectiveness of public safety communications has become a main priority for governments. This is partly motivated by the increased risk of natural disasters such as flooding, earthquakes and fires, and partly, due to the risks and consequent impact of terrorist attacks. This paper focuses on the experience from the European Commission (EC) Seventh Framework Programme (FP7) project known as EULER, which seeks to demonstrate the benefits of Software Defined Radio (SDR) technology to support the resolution of natural disasters of significant stature, which require the participation of different public safety and military organizations, potentially of different nations. In such scenarios, the presence of interoperability barriers in the disaster area is a major challenge because different organizations may use different wireless communication systems. In this context, the main aspect investigated in EULER is the definition of a common waveform that respects the Software Communications Architecture (SCA) constraints, and guarantees maximum portability across SDR platforms. This paper discusses a range of issues which have been identified thus far within the EULER project; in particular the perceived pan-European interoperability needs of Public Safety and the coordination with military devices and networks. Aspects of interoperability are also extended to the three dimensions of platform, waveform and information assurance., JRC.G.6-Security technology assessment

Published

2011

20. An early warning system for detecting GSM-R wireless interference in the high-speed railway infrastructure

Author

Marcoccio Stefano, Raffaele Malangone, Marco Luise, Enzo Bagagli, Gianmarco Baldini, Vincenzo Pellegrini, Fabio Senesi, Giuseppe Rubino, Marcelo Masera, and Igor Nai Fovino

Subjects

Engineering, Information Systems and Management, Wireless interference, business.industry, ComputerApplications_COMPUTERSINOTHERSYSTEMS, Computer security, computer.software_genre, Critical infrastructure, Computer Science Applications, GSM-R, GSM, Information and Communications Technology, Modeling and Simulation, Wireless, Early warning system, Train, Safety, Risk, Reliability and Quality, business, Telecommunications, computer

Abstract

Railways are an important critical infrastructure because they transport commodities and goods (freight rail) and people (passenger rail). Like other critical infrastructures, the railway infrastructure is complex and geographically dispersed and has become increasingly dependent on information and communications technology (ICT). Therefore, the mitigation of ICT vulnerabilities is essential for protecting the railway infrastructure. This paper focuses on the European high-speed railroad infrastructure, in which a wireless system based on the Global System for Mobile Communications for Railways (GSM-R) standard plays an important role in distributing signaling information to trains. The paper examines the GSM-R vulnerabilities due to wireless interference and describes an innovative monitoring system based on software-defined radio technology that is designed for the early detection of wireless interference.

Published

2010

21. An agent-based framework for Informed Consent in the internet of things

Author

Gary Steri, Ricardo Neisse, Yutaka Miyake, Gianmarco Baldini, Shinsaku Kiyomoto, and Abdur Rahim Biswas

Subjects

Computer science, End user, business.industry, Control (management), Internet privacy, ComputingMilieux_LEGALASPECTSOFCOMPUTING, Context (language use), Service provider, Computer security, computer.software_genre, Informed consent, Software deployment, Smart city, business, computer, License

Abstract

The Informed Consent of a data subject (e.g., citizen) is often necessary to allow the legitimate processing of personal data by a third party application. The current implementation of Informed Consent based on End User License Agreements (EULA) has many limitations, which are likely to become more critical in future IoT applications, where the collection of personal data can happen in various ways and is not evident to the user. There is the need to define more sophisticated models of Informed Consent for IoT, which address the specific features of IoT, improve on the EULA approach, and protect the flow of personal data from the IoT sensors. In this paper, we propose an agent-based design for Informed Consent in IoT, where access to personal data is regulated through usage control policies, which can be tailored for the specific features of the user and the context. Policies are associated to users, service providers, and smart spaces containing IoT devices in a privacy-friendly way using pseudonyms. The main design concepts are described and applied to a smart city scenario, to evaluate the feasibility of the framework and the related deployment aspects.

Published

2015

22. Policies for Efficient Spectrum Sharing

Author

Liljana Gavrilovska, Vladimir Atanasovski, and Gianmarco Baldini

Subjects

business.industry, Political science, Internet privacy, business, Spectrum sharing, Computer security, computer.software_genre, computer

Published

2015

23. Detection of DECT identity spoofing through radio frequency fingerprinting

Author

Riccardo Satta, Ignacio Sanchez, Gianmarco Baldini, and Raimondo Giuliani

Subjects

Cordless, Spoofing attack, Computer science, business.industry, ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS, Digital Enhanced Cordless Telecommunications, Computer security, computer.software_genre, Front and back ends, Base station, GSM, Wireless, Radio frequency, business, computer, Computer network

Abstract

Digital Enhanced Cordless Telecommunications (DECT) is an European Telecommunications Standards Institute (ETSI) standard for short-range cordless communications with a large worldwide installed customer base, both in residential and enterprise environments. As in other wireless standards, the existence of active attacks against the security and privacy of the communications, involving identity spoofing, is well documented in the literature. Although the detection of spoofing attacks has been extensively investigated in the literature for other wireless protocols, such as Wi-Fi and GSM, very limited research has been conducted on their detection in DECT communications. In this paper, we describe an effective method for the detection of identity spoofing attacks on DECT communications, using a radio frequency fingerprinting technique. Our approach uses intrinsic features of the front end of DECT base stations as device fingerprints and uses them to distinguish between legitimate and spoofing devices. The results of measurement campaigns and the related analysis are presented and discussed.

Published

2015

24. Privacy leakages in Smart Home wireless technologies

Author

Gary Steri, Ignacio Sanchez, Andrea Ciardulli, Igor Nai Fovino, Gianmarco Baldini, Riccardo Satta, and David Shaw

Subjects

Cordless, Traffic analysis, business.industry, Privacy software, Computer science, Smart device, Context (language use), Computer security, computer.software_genre, law.invention, Home automation, law, Information leakage, Wireless, business, computer

Abstract

The concept of Smart Home where appliances, sensors, actuators, displays and computing resources are connected and interact to support the life of the citizen is being increasingly researched. In this context, the Wi-Fi communication technology has grown to become the de-facto standard for data communications in Smart Home environments, with cordless telephony being dominated by the DECT protocol. Even though both technologies incorporate sets of security features aimed at securing the confidentiality and integrity of the communications, the nature and the design of both radio-frequency protocols make them vulnerable, up to a certain extent, to privacy leakages through traffic analysis attacks. In this paper we explore the information leakage vulnerabilities inherent to these technologies and their potential impact on citizens’ privacy in the context of the Smart Home. We demonstrate how the websites visited by a smart device can be inferred by applying machine learning and pattern matching techniques to eavesdropped encrypted traffic. Keywords—Privacy, Wireless communications, Machine learning

Published

2014

25. A Cognitive Access Framework for Security and Privacy Protection in Mobile Cloud Computing

Author

Gianmarco Baldini and Pasquale Stirparo

Subjects

Point (typography), Computer science, business.industry, Internet privacy, Privacy protection, Cognition, Communications system, Computer security, computer.software_genre, Mobile cloud computing, Information system, Wireless, Everyday life, business, computer

Abstract

Information systems and wireless communications are becoming increasingly present in the everyday life of citizens both from a personal and business point of view. A recent development in this context is Mobile Cloud Computing (MCC), which is the combination of Cloud Computing and pervasive mobile networks. Ensuring the preservation of privacy can be difficult in MCC. Therefore, this chapter provides an overview of the main challenges in ensuring privacy in MCC and surveys the most significant contributions from the research community. The second objective of the chapter is to introduce and describe a new framework for privacy protection based on the concepts of Virtual Object (VO) and Composite Virtual Object (CVO), where data are encapsulated and protected using a sticky policy approach and a role-based access model. The proposed iCore framework is compared to the privacy challenges described in the first objective.

Published

2014

26. A Model-based Security Toolkit for the Internet of Things

Author

Raffaele Giaffreda, Panagiotis Vlacheas, Gianmarco Baldini, Vera Stavroulaki, Igor Nai Fovino, and Ricardo Neisse

Subjects

Cloud computing security, business.industry, Computer science, Data security, Computer security model, Internet security, Computer security, computer.software_genre, Security information and event management, Security association, Smart city, Human-computer interaction in information security, business, computer

Abstract

The control and protection of user data is a very important aspect in the design of Internet of Things (IoT) and smart-devices applications and services. The heterogeneity of the IoT technologies, the number of the participating devices and systems, the different types of users and roles create important challenges for the design and deployment of IoT. In particular, requirements of scalability, interoperability and privacy are difficult to address even with a considerable amount of existing work both in the research and standardization community. In this paper we propose a Security Toolkit, integrated in a management framework for IoT’ devices, that supports efficient data usage control and enables the protection of user data. Our framework is applied to a Smart City scenario in order to evaluate its feasibility and performance., JRC.G.6-Digital Citizen Security

Published

2014

27. Enforcement of Security Policy Rules for the Internet of Things

Author

Gary Steri, Ricardo Neisse, and Gianmarco Baldini

Subjects

Information privacy, Computer science, business.industry, Privacy software, Internet privacy, Security policy, Computer security, computer.software_genre, Internet security, Security association, Data Protection Act 1998, Privacy engineering, business, computer, Personally identifiable information

Abstract

According to the European Union data protection legislation, privacy is a fundamental right that should be protected in the interaction of the citizen with the digital world. In the evolution of Internet towards new paradigms like Internet of Things (IoT), protection of privacy can be a challenging task because IoT connected objects can generate an enormous amount of data, some of which actually constitute personal data. In addition, it is difficult to control the flow of data when there is no user interface or adequate tools for the user. In this paper we describe an efficient solution to enforcement security policy rules that addresses this challenge, and takes a more general enterprise architecture approach for security and privacy engineering in IoT. This enforcement solution is based on a Model-based Security Toolkit named SecKit, and its integration with the MQ Telemetry Transport (MQTT) protocol layer, which is a widely adopted technology to enable the communication between IoT devices. In this paper, we describe the motivation and design of our enforcement solution, demonstrating its feasibility and the performance results in a case study., JRC.G.6-Digital Citizen Security

Published

2014

28. Connectivity and Security in a D2D Communication Protocol for Public Safety Applications

Author

Karina Gomez, Gary Steri, Gianmarco Baldini, and Leonardo Goratti

Subjects

business.industry, Computer science, Node (networking), Computer security, computer.software_genre, Encryption, Cellular network, Wireless, Mobile technology, Underlay, business, Communications protocol, computer, UMTS frequency bands, Computer network

Abstract

Device-to-Device (D2D) communication is an important feature for many kinds of mobile networks and in particular for the UMTS Long Term Evolution Advanced (LTE-A) cellular technology, where an underlay network can be created between User Equipments (UEs) without the support of an evolved Node Bs (eNBs). The possibility to allow direct links between UEs plays an important role when the commercial LTE infrastructure is subject to failures or becomes unavailable after a disaster. Project ABSOLUTE, in scenarios for public safety, proposes raising in the sky a balloon with attached a 4G eNB (AeNB) to restore temporarily connectivity. In all cases in which UEs are out-ofcoverage of the AeNB like in indoors, D2D becomes crucial. In this work we propose to establish direct links employing a communication protocol that relies on the transmission of beacon frames sent in broadcast mode by selected UEs. We delve security aspects of this D2D protocol suitable for Public Safety (PS) users with out-of-coverage UEs based on sharing encryption keys. We pursue a network connectivity analysis of the secure protocol whereby we are able to show the existence of tradeoff points between connectivity and the increased overhead added by the security for different values of the system parameters., JRC.G.6-Digital Citizen Security

Published

2014

29. Identity-based security systems for vehicular ad-hoc networks

Author

Igor Nai Fovino, Vincent Mahieu, Marco Taddeo, Alberto Trombetta, and Gianmarco Baldini

Subjects

Engineering, Information privacy, Vehicular communication systems, Authentication, Vehicular ad hoc network, business.industry, ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS, Cryptographic protocol, Computer security, computer.software_genre, Identity-based security, business, computer, Intelligent transportation system, Key escrow, Computer network

Abstract

Cooperative Intelligent Transport Systems (ITS) based on vehicular car to car ad-hoc networks have been extensively investigated by the research community and industry to improve efficiency and safety in road traffic. The management and control of the vehicular ad-hoc network (VANET) is still one of the most challenging research fields in the networking domain. In particular, security and privacy protection are very important requirements for the design of VANETs. The potential high dynamicity of VANETs and the need for flexibility and scalability in ITS applications supports the research for new security frameworks and the application of novel cryptographic schemes that ensure authentication, integrity and confidentiality given the constrained computational environment in which such applications usually operate. This paper investigates the application of identity based (id-based, for short) cryptographic (IBC) scheme (in particular, signature schemes) to provide better security and privacy for VANET. Along with a presentation of the state-of-the-art in this area, this paper presents a security framework for car-to-car VANETs based on a protocol for the distributed generation of signing keys that overcome key escrow issues.

Published

2013

30. An Architecture for Secure m-Commerce Applications

Author

Jan Löschner, Gianmarco Baldini, Sead Muftic, and Ioannis Kounelis

Subjects

010302 applied physics, Computer science, business.industry, Mobile commerce, Mobile computing, Mobile Web, Mobile business development, 02 engineering and technology, Mobile communications over IP, Computer security, computer.software_genre, 01 natural sciences, World Wide Web, 0103 physical sciences, 0202 electrical engineering, electronic engineering, information engineering, Mobile payment, Mobile search, 020201 artificial intelligence & image processing, Mobile technology, business, computer

Abstract

As mobile communication technology evolves, more and more features are available to users of mobile devices. The adoption of such features is rapid and the demand for more capabilities is growing, especially with the development of the Internet of Things. One of the most challenging and sensitive concepts used in the always connected mobile world is mobile commerce. Security for mobile financial transactions is of extreme high concern. In this paper we describe an architecture of a secure m- commerce system based on the concepts defined in the FP7 iCore project. We propose a framework that structures an m-commerce system in objects and with semantic searching capabilities provides an efficient and secure handling of system resources and transactions., JRC.G.7-Digital Citizen Security

Published

2013

31. LTE: the technology driver for future public safety communications

Author

Ramon Ferrus, Gianmarco Baldini, Leonardo Goratti, Oriol Sallent, Universitat Politècnica de Catalunya. Departament de Teoria del Senyal i Comunicacions, and Universitat Politècnica de Catalunya. GRCM - Grup de Recerca en Comunicacions Mòbils

Subjects

Service (systems architecture), System architecture solution, Public protection and disaster relief operational needs, Enginyeria de la telecomunicació::Telemàtica i xarxes d'ordinadors [Àrees temàtiques de la UPC], Computer Networks and Communications, Computer science, Voice-centric services, Interoperability, Mobile computing, Professional mobile radio, Context (language use), Servers, 02 engineering and technology, Enginyeria de la telecomunicació::Radiocomunicació i exploració electromagnètica [Àrees temàtiques de la UPC], Computer security, computer.software_genre, Mobile communication, IP networks, Quality of service, Long-Term Evolution technology, 0202 electrical engineering, electronic engineering, information engineering, Long Term Evolution, Wireless, Electrical and Electronic Engineering, Broadband communication systems, Radio spectrum management, business.industry, Mobile broadband, 020206 networking & telecommunications, Dynamic management, LTE-based mobile networks, Computer Science Applications, Broadband communication, Telecomunicació de banda ampla, Sistemes de, Future public safety communications, 020201 artificial intelligence & image processing, Mobile telephony, Mobile broadband PPDR service provisioning, business, Telecommunications, Data-centric services, Private mobile radio technologies, computer

Abstract

Wireless communications technologies play an essential role to support the Public Protection and Disaster Relief (PPDR) operational needs. The current Private/Professional Mobile Radio (PMR) technologies used for PPDR communications offer a rich set of voice-centric services but have very limited data transmission capabilities, which are unable to handle the increasing PPDR community demand for a wider range of data-centric services. Though some efforts have been devoted to upgrade PMR technologies with better data transfer capabilities, the progression towards an enhanced mobile broadband PMR standardized solution still lags behind the achievements made in the commercial wireless industry, which recently culminated in Long-Term Evolution (LTE) technology. Because of this contrasting progress, the adoption of commercial mainstream LTE technology to satisfy the PPDR community’s data communication needs is gaining momentum and offers significant opportunities to create and exploit the synergies between the commercial and PPDR domains, which have remained almost entirely separate to date. In this context, this paper first discusses the suitability of LTE and related technologies for mobile broadband PPDR service provisioning. Next, it presents the argument that the most plausible future scenarios to deliver the increasingly data-intensive applications demanded by the PPDR agencies are expected to rely on the use of both dedicated and commercial LTE-based mobile networks. From this basis, the paper proposes a system architecture solution for PPDR service provisioning that enables PPDR service access through dedicated and commercial networks in a secure and interoperable manner and ensures proper allocation of the networks’ capacity to PPDR applications through the dynamic management of prioritization policies. In addition, the spectrum-related issues that are central to the proposed PPDR service provisioning solution are addressed, and a solution based on the joint exploitation of dedicated and shared spectra is proposed., JRC.G.7-Digital Citizen Security

Published

2013

32. Security Aspects in Software Defined Radio and Cognitive Radio Networks: A Survey and A Way Ahead

Author

T. Sturman, Gianmarco Baldini, R. Leschhorn, Michael Street, G. Godor, and Abdur Rahim Biswas

Subjects

Emulation, Computer science, business.industry, Interoperability, Denial-of-service attack, Software-defined radio, computer.software_genre, Information assurance, Computer security, Cognitive radio, Software deployment, Malware, Electrical and Electronic Engineering, Telecommunications, business, computer

Abstract

Software Defined Radio (SDR) and Cognitive Radio (CR) are promising technologies, which can be used to alleviate the spectrum shortage problem or the barriers to communication interoperability in various application domains. The successful deployment of SDR and CR technologies will depend on the design and implementation of essential security mechanisms to ensure the robustness of networks and terminals against security attacks. SDR and CR may introduce entirely new classes of security threats and challenges including download of malicious software, licensed user emulation and selfish misbehaviors. An attacker could disrupt the basic functions of a CR network, cause harmful interference to licensed users or deny communication to other CR nodes. The research activity in this area has started only recently and many challenges are still to be resolved. This paper presents a survey of security aspects in SDR and CR. We identify the requirements for the deployment of SDR and CR in the public safety, commercial and military domain, the main security threats and challenges and the related protection techniques. Finally this paper provides an overview of the SDR and CR certification process and how it is related to the security aspects., JRC.G.6-Security technology assessment

Published

2010

33. Adaptive and Distributed Access Control in Cognitive Radio Networks

Author

Alberto Trombetta, Stefano Braghin, Igor Nai Fovino, and Gianmarco Baldini

Subjects

business.industry, Computer science, Wireless network, media_common.quotation_subject, Access control, Computer security, computer.software_genre, Spectrum management, Negotiation, Cognitive radio, Wireless, business, Resilience (network), computer, Computer network, media_common

Abstract

Cognitive Radio (CR) is a novel wireless technology communication that allows for adaptive configuration of the reception parameters of a terminal, based on the information collected from the environment. CR techniques may be applied to the resolution of emergency crisis to improve the spectrum utilization and the resilience of the wireless networks used by public safety organizations. Typically, such scenarios demand a mechanism for expressing and enforcing access control policies: that is, for stating what are the available resources (e.g. transmission/reception bandwidths), what are the parties that are allowed to access them and under what conditions. However, due to the intrinsically highly dynamic nature of such settings - in which unknown parties may suddenly appear and force a change in the configuration of other parties - it is extremely difficult to establish in advance what are the most suitable access control policies. Trust negotiation is a well-known approach for expressing and enforcing distributed access control policies which depend on two or more (initially mutually untrusting) parties. Such policies are determined on the fly by all the involved parties and do not require a centralized authority. In this work we present a trust negotiation-based framework which allows for the definition of highly expressive and flexible distributed access control policies and their efficient enforcement in cognitive radio networks.

Published

2010

34. The use of secure RFID to support the resolution of emergency crises

Author

Hermann Seuschek, Erwin Hess, Michael Braun, Franco Oliveri, and Gianmarco Baldini

Subjects

Flexibility (engineering), Supply chain management, Spoofing attack, business.industry, Computer science, Supply chain, Context (language use), Cryptography, Eavesdropping, Computer security, computer.software_genre, Identification (information), business, computer

Abstract

The resolution of emergency crises and natural disasters is heavily dependent, among other things, on efficient supply chain management to bring the necessary material to the first time responders. The supply chain used in the resolution of emergency crises must have capabilities of agility and flexibility to respond to the challenges, which are typical of these scenarios. Emergency crises are often characterized by a chaotic environment and by a general lack of infrastructures, which are usually degraded or destroyed as a consequence of the source of crisis. Such conditions make the task to maintain the supply chain and provide the delivery of correct equipment and goods to the right places and at the right time more difficult. RFID has been increasingly considered, in the context of emergency crisis scenarios, to address the described challenges and to improve the supply chain. An important requirement is security. RFID devices must not be tampered with and they should be resistant to security attacks (e.g. spoofing, eavesdropping, cloning) to ensure that the supply chain is not disrupted by criminals and that cargo and goods are not stolen. In this context, this paper will present the application and benefits of the recent technological breakthroughs developed by Siemens and Infineon Technologies in the field of secure RFID. This paper will analyze practical utilization of this type of device in the resolution of emergency crises to guarantee the reliability of sealing of the goods and their identification. The establishment of a logistics tracking framework based on secure RFID has the potential to greatly increase the effectiveness of future emergency crises response operations.

Published

2009

35. Improving Internet of Things device certification with policy-based management

Author

Ricardo Neisse, Gary Steri, Elizabeta Fourneret, Gianmarco Baldini, Bruno Legeard, and Abbas Ahmad

Subjects

020203 distributed computing, Model-based testing, Computer science, Process (engineering), Authorization, Botnet, Vulnerability, Certified Information Systems Security Professional, Denial-of-service attack, 02 engineering and technology, Certification, Computer security, computer.software_genre, Order (exchange), 020204 information systems, 0202 electrical engineering, electronic engineering, information engineering, computer, Policy-based management

Abstract

The fast growing rate of the IoT systems with strong pressure to put devices on the market as soon as possible makes these systems vulnerable targets for cyber criminals, as recently seen in the Mirai botnet Distributed Denial-of-Service (DDoS) attack. A way to mitigate these threats is to enforce a comprehensive security certification process of IoT devices based on common standards. In this paper, we present an approach to improve certification of IoT devices using a combination of model-based testing and policy-based management in order to detect post certification vulnerabilities and act on them by introducing runtime policy enforcement capabilities. More precisely, we address these attacks using policy enforcement in order to correct vulnerable IoT device behavior and protect users even if security and privacy were not properly addressed by the device manufactures. We describe the details of our approach and, focusing on authorization vulnerabilities, we present a case study for the oneM2M standard showing how our solution can be applied in practice.

36. Security certification and labelling in Internet of Things

Author

Ricardo Neisse, Franck Le Gall, Antonio F. Skarmeta, Bruno Legeard, Gianmarco Baldini, and Elizabeta Fourneret

Subjects

Cloud computing security, Computer science, Context (language use), Certified Information Systems Security Professional, 02 engineering and technology, Certification, Computer security model, Computer security, computer.software_genre, Security testing, Software deployment, 020204 information systems, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, Element (criminal law), Web threat, computer

Abstract

In recent years, security and privacy aspects of IoT have received considerable attention from the industry and research communities. Because IoT will be more pervasive in the everyday life of the citizens, and it may be used in safety related applications (e.g., road transportation), its security threats may be more damaging than conventional Internet threats. Due to processing and memory constraints, the provision of security functions could be quite challenging in IoT. In addition, IoT devices must operate in a dynamic environment in terms of communication interfaces and fast upgrade cycle (e.g., patching), which imposes severe security requirements to designer and developers. Privacy aspects are also relevant because of the large amount of data collected by IoT sensors. In this context, the security certification of IoT devices is an important element to support the development and deployment of trusted IoT systems and applications. The objective of this paper is to investigate IoT security certification taking into consideration the current security certification frameworks, standards, and their related limitations identified by the industry and research communities. This paper proposes a new approach for security certification in IoT, which addresses the identified limitations and links formal models to testing and certification.

37. Zone Keys Trust Management in Vehicular Networks based on Blockchain

Author

Jose L. Hernandez-Ramos, Sara N. Matheu, Gianmarco Baldini, and Gary Steri

Subjects

Authentication, Blockchain, Vehicular ad hoc network, Revocation, business.industry, Computer science, 020206 networking & telecommunications, Public key infrastructure, 02 engineering and technology, Computer security, computer.software_genre, Public-key cryptography, Software deployment, 11. Sustainability, 0202 electrical engineering, electronic engineering, information engineering, Trust management (information system), business, computer

Abstract

The future deployment of vehicular networks for road transportation (the so called Cooperative Intelligent Transport System (C-ITS) in Europe or Connected Vehicles program in USA) should be based on the secure exchange of messages among the vehicles and the infrastructure communication nodes. Deployment projects in various parts of the world are setting up Public Key Infrastructures (PKI) to support the security and privacy aspects on vehicular communications. While the use of PKI is a known technology to build a security framework for C-ITS and Connected Vehicles deployments and it will provide the basic needed services for integrity and authentication, research communities around the world are exploring extensions of these frameworks to implement specific functions like misbehavior detection and revocation. In addition, new techniques to mitigate privacy risks in vehicular networks are explored. In this paper, we address these aspects by proposing the use of blockchain in combination with a zone keys concept where the authorization certificates produced by the PKI are provided to the vehicles only if specific conditions stored in the blockchain are valid. We show how the concepts described in this paper can enhance the PKI-based frameworks through an efficient revocation mechanism, and mitigating privacy risks as well.

38. Toward a Blockchain-based Platform to Manage Cybersecurity Certification of IoT devices

Author

Ricardo Neisse, Jose L. Hernandez-Ramos, Antonio F. Skarmeta, Gianmarco Baldini, and Sara N. Matheu

Subjects

FOS: Computer and information sciences, Service (systems architecture), Computer Science - Cryptography and Security, ComputingMilieux_THECOMPUTINGPROFESSION, Traceability, Process (engineering), Computer science, business.industry, ComputingMilieux_LEGALASPECTSOFCOMPUTING, 020206 networking & telecommunications, 02 engineering and technology, Certification, Computer security, computer.software_genre, Transparency (behavior), Electronic product, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, Internet of Things, business, Cryptography and Security (cs.CR), computer

Abstract

The goal of this paper is to propose a blockchain-based platform to enhance transparency and traceability of cybersecurity certification information motivated by the recently adopted EU Cybersecurity Act. The proposed platform is generic and intended to support the trusted exchange of cybersecurity certification information for any electronic product, service, or process. However, for the purposes of this paper, we focus on the case study of the cybersecurity certification of IoT devices, which are explicitly referenced in the recently adopted Cybersecurity Act as one of the main domains where it is highlighted the need for an increased level of trust., 8 pages