Your search keyword '"Conti, M. (author)"' showing total 57 results

1. GNN4IFA: Interest Flooding Attack Detection With Graph Neural Networks

Author

Agiollo, A. (author), Bardhi, Enkeleda (author), Conti, M. (author), Lazzeretti, Riccardo (author), Losiouk, Eleonora (author), Omicini, Andrea (author), Agiollo, A. (author), Bardhi, Enkeleda (author), Conti, M. (author), Lazzeretti, Riccardo (author), Losiouk, Eleonora (author), and Omicini, Andrea (author)

Abstract

In the context of Information-Centric Networking, Interest Flooding Attacks (IFAs) represent a new and dangerous sort of distributed denial of service. Since existing proposals targeting IFAs mainly focus on local information, in this paper we propose GNN4IFA as the first mechanism exploiting complex non-local knowledge for IFA detection by leveraging Graph Neural Networks (GNNs) handling the overall network topology.In order to test GNN4IFA, we collect SPOTIFAI, a novel dataset filling the current lack of available IFA datasets by covering a variety of IFA setups, including ~40 heterogeneous scenarios over three network topologies. We show that GNN4IFA performs well on all tested topologies and setups, reaching over 99% detection rate along with a negligible false positive rate and small computational costs. Overall, GNN4IFA overcomes state-of-the-art detection mechanisms both in terms of raw detection and flexibility, and - unlike all previous solutions in the literature - also enables the transfer of its detection on network topologies different from the one used in its design phase., Green Open Access added to TU Delft Institutional Repository ‘You share, we take care!’ – Taverne project https://www.openaccess.nl/en/you-share-we-take-care Otherwise as indicated in the copyright section: the publisher is the copyright holder of this work and the author uses the Dutch legislation to make this work public., Cyber Security

Published

2023

2. Plug and Power: Fingerprinting USB Powered Peripherals via Power Side-channel

Author

Spolaor, Riccardo (author), Liu, Hao (author), Turrin, Federico (author), Conti, M. (author), Cheng, Xiuzhen (author), Spolaor, Riccardo (author), Liu, Hao (author), Turrin, Federico (author), Conti, M. (author), and Cheng, Xiuzhen (author)

Abstract

The literature and the news regularly report cases of exploiting Universal Serial Bus (USB) devices as attack tools for malware injections and private data exfiltration. To protect against such attacks, security researchers proposed different solutions to verify the identity of a USB device via side-channel information (e.g., timing or electromagnetic emission). However, such solutions often make strong assumptions on the measurement (e.g., electromagnetic interference-free area around the device), on a device’s state (e.g., only at the boot or during specific actions), or are limited to one particular type of USB device (e.g., flash drive or input devices).In this paper, we present PowerID, a novel method to fingerprint USB peripherals based on their power consumption. PowerID analyzes the power traces from a peripheral to infer its identity and properties. We evaluate the effectiveness of our method on an extensive power trace dataset collected from 82 USB peripherals, including 35 models and 8 types. Our experimental results show that PowerID accurately recognizes a peripheral type, model, activity, and identity., Green Open Access added to TU Delft Institutional Repository 'You share, we take care!' - Taverne project https://www.openaccess.nl/en/you-share-we-take-care Otherwise as indicated in the copyright section: the publisher is the copyright holder of this work and the author uses the Dutch legislation to make this work public., Cyber Security

Published

2023

3. Social Honeypot for Humans: Luring People Through Self-managed Instagram Pages

Author

Bardi, Sara (author), Conti, M. (author), Pajola, L. (author), Tricomi, Pier Paolo (author), Bardi, Sara (author), Conti, M. (author), Pajola, L. (author), and Tricomi, Pier Paolo (author)

Abstract

Social Honeypots are tools deployed in Online Social Networks (OSN) to attract malevolent activities performed by spammers and bots. To this end, their content is designed to be of maximum interest to malicious users. However, by choosing an appropriate content topic, this attractive mechanism could be extended to any OSN users, rather than only luring malicious actors. As a result, honeypots can be used to attract individuals interested in a wide range of topics, from sports and hobbies to more sensitive subjects like political views and conspiracies. With all these individuals gathered in one place, honeypot owners can conduct many analyses, from social to marketing studies. In this work, we introduce a novel concept of social honeypot for attracting OSN users interested in a generic target topic. We propose a framework based on fully-automated content generation strategies and engagement plans to mimic legit Instagram pages. To validate our framework, we created 21 self-managed social honeypots (i.e., pages) on Instagram, covering three topics, four content generation strategies, and three engaging plans. In nine weeks, our honeypots gathered a total of 753 followers, 5387 comments, and 15739 likes. These results demonstrate the validity of our approach, and through statistical analysis, we examine the characteristics of effective social honeypots., Green Open Access added to TU Delft Institutional Repository ‘You share, we take care!’ – Taverne project https://www.openaccess.nl/en/you-share-we-take-care Otherwise as indicated in the copyright section: the publisher is the copyright holder of this work and the author uses the Dutch legislation to make this work public., Cyber Security

Published

2023

4. BARON: Base-Station Authentication Through Core Network for Mobility Management in 5G Networks

Author

Lotto, Alessandro (author), Singh, Vaibhav (author), Ramasubramanian, Bhaskar (author), Brighente, Alessandro (author), Conti, M. (author), Poovendran, Radha (author), Lotto, Alessandro (author), Singh, Vaibhav (author), Ramasubramanian, Bhaskar (author), Brighente, Alessandro (author), Conti, M. (author), and Poovendran, Radha (author)

Abstract

Fifth-generation (5G) cellular communication networks are being deployed on applications beyond mobile devices, including vehicular networks and industry automation. Despite their increasing popularity, 5G networks, as defined by the Third Generation Partnership Project (3GPP), have been shown to be vulnerable against fake base station (FBS) attacks. An adversary carrying out an FBS attack emulates a legitimate base station by setting up a rogue base station. This enables the adversary to control the connection of any user equipment that (inadvertently) connects with the rogue base station. Such an adversary can gather sensitive information belonging to the user. While there is a large body of work focused on the development of tools to detect FBSs, the user equipment will continue to remain vulnerable to an FBS attack. In this paper, we propose BARON, a defense methodology to enable user equipment to determine whether a target base station that it is connecting to is legitimate or rogue. BARON accomplishes this by ensuring that the user receives an authentication token from the target base station which can be computed only by a legitimate and trusted entity. As a consequence, receiving such an authentication token from a base station ensures legitimacy of the base station. We evaluate BARON through extensive experiments on the handover process between base stations in 5G networks. Our experimental results show that BARON introduces an overhead of less than 1% during handover completion, which is 10000× lower than the overhead reported by a state-of-the-art method. BARON is also effective in thwarting an FBS attack and quickly recovering connection to a legitimate base station., Cyber Security

Published

2023

5. Employing Deep Ensemble Learning for Improving the Security of Computer Networks against Adversarial Attacks

Author

Nowroozi, Ehsan (author), Mohammadi, Mohammadreza (author), Savas, Erkay (author), Mekdad, Yassine (author), Conti, M. (author), Nowroozi, Ehsan (author), Mohammadi, Mohammadreza (author), Savas, Erkay (author), Mekdad, Yassine (author), and Conti, M. (author)

Abstract

In the past few years, Convolutional Neural Networks (CNN) have demonstrated promising performance in various real-world cybersecurity applications, such as network and multimedia security. However, the underlying fragility of CNN structures poses major security problems, making them inappropriate for use in security-oriented applications, including computer networks. Protecting these architectures from adversarial attacks necessitates using security-wise architectures that are challenging to attack. In this study, we present a novel architecture based on an ensemble classifier that combines the enhanced security of 1-Class classification (known as 1C) with the high performance of conventional 2-Class classification (known as 2C) in the absence of attacks. Our architecture is referred to as the 1.5-Class (cmb-classifier) classifier and is constructed using a final dense classifier, one 2C classifier (i.e., CNNs), and two parallel 1C classifiers (i.e., auto-encoders). In our experiments, we evaluated the robustness of our proposed architecture by considering eight possible adversarial attacks in various scenarios. We performed these attacks on the 2C and cmb-classifier architectures separately. The experimental results of our study showed that the Attack Success Rate (ASR) of the I-FGSM attack against a 2C classifier trained with the N-BaIoT dataset is 0.9900. In contrast, the ASR is 0.0000 for the cmb-classifier., Green Open Access added to TU Delft Institutional Repository ‘You share, we take care!’ – Taverne project https://www.openaccess.nl/en/you-share-we-take-care Otherwise as indicated in the copyright section: the publisher is the copyright holder of this work and the author uses the Dutch legislation to make this work public., Cyber Security

Published

2023

6. Going in Style: Audio Backdoors Through Stylistic Transformations

Author

Koffas, S. (author), Pajola, Luca (author), Picek, S. (author), Conti, M. (author), Koffas, S. (author), Pajola, Luca (author), Picek, S. (author), and Conti, M. (author)

Abstract

This work explores stylistic triggers for backdoor attacks in the audio domain: dynamic transformations of malicious samples through guitar effects. We first formalize stylistic triggers – currently missing in the literature. Second, we explore how to develop stylistic triggers in the audio domain by proposing JingleBack. Our experiments confirm the effectiveness of the attack, achieving a 96% attack success rate. Our code is available in https://github.com/skoffas/going-in-style., Green Open Access added to TU Delft Institutional Repository 'You share, we take care!' - Taverne project https://www.openaccess.nl/en/you-share-we-take-care Otherwise as indicated in the copyright section: the publisher is the copyright holder of this work and the author uses the Dutch legislation to make this work public., Cyber Security

Published

2023

7. An efficient and reliable ultralightweight RFID authentication scheme for healthcare systems

Author

Kumar, Anand (author), Singh, Karan (author), Shariq, Mohd (author), Lal, C. (author), Conti, M. (author), Amin, Ruhul (author), Chaudhry, Shehzad Ashraf (author), Kumar, Anand (author), Singh, Karan (author), Shariq, Mohd (author), Lal, C. (author), Conti, M. (author), Amin, Ruhul (author), and Chaudhry, Shehzad Ashraf (author)

Abstract

In the era of the Internet of Communication Technologies (ICT), the Internet is becoming more popular and widely used across the world. Radio Frequency IDentification (RFID) has become a prominent technology in healthcare systems for identifying tagged objects. The RFID tags are attached to the billions of different healthcare devices or things in several associated applications. However, RFID tags’ security and privacy are regarded as the two biggest concerns. An adversary might eavesdrop, tamper, or even intercept the transmitted messages in RFID systems. Also, the privacy of the users (patients, doctors, and nurses) may breach. In past years, numerous ultralightweight RFID authentication schemes have been proposed in the healthcare sector. However, all these schemes were pointed out as insecure under several known security attacks namely, replay, impersonation, full-disclosure, and de-synchronization attacks. Keeping in view such security flaws, we present an efficient and reliable ultralightweight RFID authentication scheme (ER2AS) for healthcare systems to enhance patients’ medication safety. The scheme employs bitwise XOR, circular left–right rotations, and our proposed ultralighweight reformation operation to achieve higher-level security. The security and privacy evaluations demonstrate that ER2AS scheme resists several known security attacks. The performance analysis also demonstrates that it incurs lower computation and storage overhead on the RFID tags, thus making it practical to be implemented in real-time healthcare environments., Green Open Access added to TU Delft Institutional Repository ‘You share, we take care!’ – Taverne project https://www.openaccess.nl/en/you-share-we-take-care Otherwise as indicated in the copyright section: the publisher is the copyright holder of this work and the author uses the Dutch legislation to make this work public., Cyber Security

Published

2023

8. Astraea: Anonymous and Secure Auditing Based on Private Smart Contracts for Donation Systems

Author

Li, Meng (author), Chen, Yifei (author), Zhu, Liehaung (author), Zhang, Zijian (author), Ni, Jianbing (author), Lal, C. (author), Conti, M. (author), Li, Meng (author), Chen, Yifei (author), Zhu, Liehaung (author), Zhang, Zijian (author), Ni, Jianbing (author), Lal, C. (author), and Conti, M. (author)

Abstract

Many regions are in urgent need of facial masks for slowing down the spread of COVID-19. To fight the pandemic, people are contributing masks through donation systems. Most existing systems are built on a centralized architecture which is prone to the single point of failure and lack of transparency. Blockchain-based solutions neglect fundamental privacy concerns (donation privacy) and security attacks (collusion attack, stealing attack). Moreover, current auditing solutions are not designed to achieve donation privacy, thus not appropriate in our context. In this work, we design a decentralized, anonymous, and secure auditing framework Astraea based on private smart contracts for donation systems. Specifically, we integrate a Distribute Smart Contract (DiSC) with an SGX Enclave to distribute donations, prove the integrity of donation number (intention) and donation sum while preserving donation privacy. With DiSC, we design a Donation Smart Contract to refund deposits and defend against the stealing attack the collusion attack from malicious collector and transponder. We formally define and prove the privacy and security of Astraea by using security reduction. We build a prototype of Astraea to conduct extensive performance analysis. Experimental results demonstrate that Astraea is practically efficient in terms of both computation and communication., Green Open Access added to TU Delft Institutional Repository ‘You share, we take care!’ – Taverne project https://www.openaccess.nl/en/you-share-we-take-care Otherwise as indicated in the copyright section: the publisher is the copyright holder of this work and the author uses the Dutch legislation to make this work public., Intelligent Systems, Cyber Security

Published

2023

9. BLUFADER: Blurred face detection & recognition for privacy-friendly continuous authentication

Author

Cardaioli, Matteo (author), Conti, M. (author), Orazi, Gabriele (author), Tricomi, Pier Paolo (author), Tsudik, Gene (author), Cardaioli, Matteo (author), Conti, M. (author), Orazi, Gabriele (author), Tricomi, Pier Paolo (author), and Tsudik, Gene (author)

Abstract

Authentication and de-authentication phases should occur at the beginning and end of secure user sessions, respectively. A secure session requires the user to pass the former, but the latter is often underestimated or ignored. Unattended or dangling sessions expose users to well-known Lunchtime Attacks. To mitigate this threat, researchers focused on automated de-authentication systems, either as a stand-alone mechanism or as a result of continuous authentication failures. Unfortunately, no single approach offers security, privacy, and usability. Face-recognition methods, for example, may be suitable for security and usability, but they violate user privacy by continuously recording their actions and surroundings. In this work, we propose BLUFADER, a novel continuous authentication system that takes advantage of blurred face detection and recognition to fast, secure, and transparent de-authenticate users, preserving their privacy. We obfuscate a webcam with a physical blur layer and use deep learning algorithms to perform face detection and recognition continuously. To evaluate BLUFADER's practicality, we collected two datasets formed by 30 recruited subjects (users) and thousands of physically blurred celebrity photos. The de-authentication system was trained and evaluated using the former, while the latter was used to appraise the privacy and increase variance at training time. To guarantee the privacy-preserving effectiveness of the selected physical blurring filter, we show that state-of-the-art deblurring models are not able to revert our physical blur. Further, we demonstrate that our approach outperforms state-of-the-art methods in detecting blurred faces, achieving up to 95% accuracy. Moreover, BLUFADER effectively de-authenticates users up to 100% accuracy in under 3 seconds, while satisfying security, privacy, and usability requirements. Last, our continuous authentication face recognition module based on Siamese Neural Network preventively protect user, Cyber Security

Published

2023

10. Intrusion Detection Framework for Invasive FPV Drones Using Video Streaming Characteristics

Author

Alsoliman, Anas (author), Rigoni, Giulio (author), Callegaro, Davide (author), Levorato, Marco (author), Pinotti, Cristina M. (author), Conti, M. (author), Alsoliman, Anas (author), Rigoni, Giulio (author), Callegaro, Davide (author), Levorato, Marco (author), Pinotti, Cristina M. (author), and Conti, M. (author)

Abstract

Cheap commercial off-the-shelf (COTS) First-Person View (FPV) drones have become widely available for consumers in recent years. Unfortunately, they also provide low-cost attack opportunities to malicious users. Thus, effective methods to detect the presence of unknown and non-cooperating drones within a restricted area are highly demanded. Approaches based on detection of drones based on emitted video stream have been proposed, but were not yet shown to work against other similar benign traffic, such as that generated by wireless security cameras. Most importantly, these approaches were not studied in the context of detecting new unprofiled drone types. In this work, we propose a novel drone detection framework, which leverages specific patterns in video traffic transmitted by drones. The patterns consist of repetitive synchronization packets (we call pivots), which we use as features for a machine learning classifier. We show that our framework can achieve up to 99% in detection accuracy over an encrypted WiFi channel using only 170 packets originated from the drone within 820ms time period. Our framework is able to identify drone 2 transmissions even among very similar WiFi transmissions (such as video streams originated from security cameras) as well as in noisy scenarios with background traffic. Furthermore, the design of our pivot features enables the classifier to detect unprofiled drones in which the classifier has never trained on and is refined using a novel feature selection strategy that selects the features that have the discriminative power of detecting new unprofiled drones., Cyber Security

Published

2023

11. Eunomia: Anonymous and Secure Vehicular Digital Forensics based on Blockchain

Author

Li, Meng (author), Chen, Yifei (author), Lal, C. (author), Conti, M. (author), Alazab, Mamoun (author), Hu, Donghui (author), Li, Meng (author), Chen, Yifei (author), Lal, C. (author), Conti, M. (author), Alazab, Mamoun (author), and Hu, Donghui (author)

Abstract

Vehicular Digital Forensics (VDF) is essential to enable liability cognizance of accidents and fight against crimes. Ensuring the authority to timely gather, analyze, and trace data promotes vehicular investigations. However, adversaries crave the identity of the data provider/user, damage the evidence, violate evidence jurisdiction, and leak evidence. Therefore, protecting privacy and evidence accountability while guaranteeing access control and traceability in VDF is no easy task. To address the above-mentioned issues, we propose Eunomia: an anonymous and secure VDF scheme based on blockchain. It preserves privacy with decentralized anonymous credentials without trusted third parties. Vehicular data and evidence are uploaded by data providers to the blockchain and stored in distributed data storage. Each investigation is modeled as a finite state machine with state transitions being executed by smart contracts. Eunomia achieves fine-grained evidence access control via ciphertext-policy attribute-based encryption and Bulletproofs. A user must hold specific attributes and a temporary-and unexpired token/warrant to retrieve data from the blockchain. Finally, a secret key is embedded into data to trace the traitor if any evidence breach happens. We use a formal analysis to demonstrate the strong privacy and security properties of Eunomia. Moreover, we build a prototype in a WiFi-based Ethereum test network to evaluate its performance., Green Open Access added to TU Delft Institutional Repository 'You share, we take care!' - Taverne project https://www.openaccess.nl/en/you-share-we-take-care Otherwise as indicated in the copyright section: the publisher is the copyright holder of this work and the author uses the Dutch legislation to make this work public., Cyber Security

Published

2023

12. Privacy-Preserving and Security in SDN-based IoT: A Survey

Author

Ahmadvand, Hossein (author), Lal, C. (author), Hemmati, Hadi (author), Sookhak, Mehdi (author), Conti, M. (author), Ahmadvand, Hossein (author), Lal, C. (author), Hemmati, Hadi (author), Sookhak, Mehdi (author), and Conti, M. (author)

Abstract

In recent years, the use of Software Defined Networking (SDN) has increased due to various network management requirements. Using SDN in computer network applications has brought several benefits to users, including lower operational costs, better hardware management, flexibility, and centralized network deployment. On the other hand, the Internet of Things (IoT) is another rapidly growing technology. Distributed and dynamic infrastructures are two critical characteristics of IoT. These characteristics lead to some challenges while using SDN in IoT in terms of security and privacy. In this paper, we address security and privacy issues and solutions for SDN-based IoT systems. We analyze the techniques used for defense in previous works to achieve an acceptable level of security and privacy protection in SDN-based IoT systems. In the data plane, SDN-based IoT papers have considered hashing and encryption techniques, in the control plane, certificate authority and access control have been analyzed, and in the application plane, attack detection, and authentication have been discussed. We also provide a statistical analysis of the existing work. This analysis shows that researchers have focused on certain areas more than others in recent years. The final analysis also highlights issues that previous researchers have ignored., Cyber Security

Published

2023

13. Threat Sensitive Networking: On the Security of IEEE 802.1CB and (un)Effectiveness of Existing Security Solutions

Author

de Vos, Adriaan (author), Brighente, Alessandro (author), Conti, M. (author), de Vos, Adriaan (author), Brighente, Alessandro (author), and Conti, M. (author)

Abstract

IEEE 802.1CB provides a standard for reliable packet delivery within Time-Sensitive Networking (TSN). As this standard is envisioned to be used in mission-critical networks in the near future, it has to be protected against security threats. The integrity of the network communication should be the biggest focus as guaranteed delivery is essential. However, IEEE 802.1CB does not come with security guarantees. Indeed, as we show in this paper, an attacker may be able to exploit different threat vectors to impair the correctness of communication, impacting on the safety of users. Due to TSN strict delay and reliability requirements, classical security solutions can not be easily applied without significant efforts. Therefore, researchers proposed multiple solutions to guarantee secure communication. However, the current state-of-the-art is not able to guarantee both security and timing guarantees. In this paper, we provide a detailed analysis of the security of IEEE 802.1CB exploiting the STRIDE methodology. Compared to the existing state-of-the art on the subject, we provide a deeper analysis of the possible threats and their effect. We then analyze available solutions for security in IEEE 802.1CB, and compare their performance in terms of time, reliability, and security guarantees. Based on our analysis, we show that, although there exist promising solutions trying to provide security to 802.1CB, there is still a gap to be filled both in terms of security and latency guarantees., Green Open Access added to TU Delft Institutional Repository 'You share, we take care!' - Taverne project https://www.openaccess.nl/en/you-share-we-take-care Otherwise as indicated in the copyright section: the publisher is the copyright holder of this work and the author uses the Dutch legislation to make this work public., Cyber Security

Published

2023

14. Dynamic Super Round-Based Distributed Task Scheduling for UAV Networks

Author

Halder, Subir (author), Ghosal, Amrita (author), Conti, M. (author), Halder, Subir (author), Ghosal, Amrita (author), and Conti, M. (author)

Abstract

Networks of Unmanned Aerial Vehicles (UAVs) are emerging in many application domains, e.g., military surveillance. To perform collaborative tasks, the involved UAVs exchange several types of information, e.g., sensor data and commands. The major question here is how to schedule the tasks under dynamic traffic flows to provide network services. Existing solutions use the Round-Robin Strategy (RRS), where the tasks are scheduled statistically by dividing the time into fixed-length rounds. However, the RRS wastes significant network and device resources due to task scheduling in each round. This paper proposes DROVE-a novel clustering approach that allows the UAVs for dynamic task scheduling. However, determining the task scheduling is crucial, as it significantly affects several network parameters, e.g., throughput. Therefore, we devise the problem of distributed task scheduling under dynamic traffic flow scenarios to optimize the throughput. We propose a clustering task scheduling algorithm to serve dynamic traffic flows. Particularly, we integrate the dynamic traffic flows into the Lyapunov drift analysis framework, and determine the throughput optimality of our proposed scheduling algorithm. We perform extensive simulations to validate the effectiveness of DROVE. The results show that DROVE outperforms the state-of-The-Art solutions in terms of energy consumption, clustering overhead, throughput, end-To-end delay, flow success rate and packet drop rate., Cyber Security

Published

2023

15. A Location-Aware and Healing Attestation Scheme for Air-Supported Internet of Vehicles

Author

El-Zawawy, Mohamed A. (author), Lal, C. (author), Conti, M. (author), El-Zawawy, Mohamed A. (author), Lal, C. (author), and Conti, M. (author)

Abstract

With the rapid technological advancement in the Internet of Things (IoT) and Internet of Vehicles (IoV), we witness exponential growth of Connected and Autonomous Vehicles (CAVs). However, these integrations of IoV with other technologies make the IoV network and its interaction between different network components highly complex. Therefore, ensuring the correct functioning of the firmware and software running on these next-generation vehicles becomes an essential requirement. A feasible method to address the aforementioned security issues is Remote Attestation (RA). However, the advancement in the attackers' approaches and the increased complexity, large network size, and vehicle mobility allow the attacks to bypass these security solutions, making RA less effective. In this paper, we propose LHASIoV, an attestation and healing protocol for IoV. LHASIoV has many features such as competent-wise (treats different entities of the system differently), geographical location-aware (traces forensics of security breaches and eases healing compromised vehicles), gradual healing (via slicing the healing software) of compromised vehicles, and resistance to single-point-of-failure. We provide proof-of-concept implementation and formal operational and security analysis for LHASIoV. To show its practical feasibility and effectiveness, we provide performance analysis by implementing it on the Omnetpp simulator. The simulation results show that for an IoV system that has 100 vehicles moving with a speed range of 15-25 mph, LHASIoV needed only 5.27 seconds to complete the vehicle's attestation. For this number of vehicles and compared to the existing protocols, LHASIoV reduced the communication and storage costs on average by 54.46% and 43.92%, respectively., Green Open Access added to TU Delft Institutional Repository ‘You share, we take care!’ – Taverne project https://www.openaccess.nl/en/you-share-we-take-care Otherwise as indicated in the copyright section: the publisher is the copyright holder of this work and the author uses the Dutch legislation to make this work public., Cyber Security

Published

2023

16. Modern Authentication Schemes in Smartphones and IoT Devices: An Empirical Survey

Author

Ahvanooey, Milad Taleby (author), Zhu, Mark Xuefang (author), Li, Qianmu (author), Mazurczyk, Wojciech (author), Choo, Kim Kwang Raymond (author), Gupta, Brij B. (author), Conti, M. (author), Ahvanooey, Milad Taleby (author), Zhu, Mark Xuefang (author), Li, Qianmu (author), Mazurczyk, Wojciech (author), Choo, Kim Kwang Raymond (author), Gupta, Brij B. (author), and Conti, M. (author)

Abstract

User authentication remains a challenging issue, despite the existence of a large number of proposed solutions, such as traditional text-based, graphical-based, biometrics-based, Web-based, and hardware-based schemes. For example, some of these schemes are not suitable for deployment in an Internet of Things (IoT) setting, partly due to the hardware and/or software constraints of IoT devices. The increasing popularity and pervasiveness of IoT equipment in a broad range of settings reinforces the importance of ensuring the security and privacy of IoT devices. Therefore, in this article, we conduct a comprehensive literature review and an empirical study to gain an in-depth understanding of the different authentication schemes as well as their vulnerabilities and deficits against various types of cyberattacks when applied in IoT-based systems. Based on the identified limitations, we recommend several mitigation strategies and discuss the practical implications of our findings., Green Open Access added to TU Delft Institutional Repository ‘You share, we take care!’ – Taverne project https://www.openaccess.nl/en/you-share-we-take-care Otherwise as indicated in the copyright section: the publisher is the copyright holder of this work and the author uses the Dutch legislation to make this work public., Cyber Security

Published

2022

17. Research trends, challenges, and emerging topics in digital forensics: A review of reviews

Author

Casino, Fran (author), Dasaklis, Thomas K. (author), Spathoulas, George (author), Anagnostopoulos, Marios (author), Ghosal, Amrita (author), Borocz, Istvan (author), Solanas, Agusti (author), Conti, M. (author), Patsakis, Constantinos (author), Casino, Fran (author), Dasaklis, Thomas K. (author), Spathoulas, George (author), Anagnostopoulos, Marios (author), Ghosal, Amrita (author), Borocz, Istvan (author), Solanas, Agusti (author), Conti, M. (author), and Patsakis, Constantinos (author)

Abstract

Due to its critical role in cybersecurity, digital forensics has received significant attention from researchers and practitioners alike. The ever increasing sophistication of modern cyberattacks is directly related to the complexity of evidence acquisition, which often requires the use of several technologies. To date, researchers have presented many surveys and reviews on the field. However, such articles focused on the advances of each particular domain of digital forensics individually. Therefore, while each of these surveys facilitates researchers and practitioners to keep up with the latest advances in a particular domain of digital forensics, the global perspective is missing. Aiming to fill this gap, we performed a qualitative review of all the relevant reviews in the field of digital forensics, determined the main topics on digital forensics topics and identified their main challenges. Despite the diversity of topics and methods, there are several common problems that are faced by almost all of them, with most of them residing in evidence acquisition and pre-processing due to counter analysis methods and difficulties of collecting data from devices, the cloud etc. Beyond pure technical issues, our study highlights procedural issues in terms of readiness, reporting and presentation, as well as ethics, highlighting the European perspective which is traditionally stricter in terms of privacy. Our extensive analysis paves the way for closer collaboration among researcher and practitioners among different topics of digital forensics., Cyber Security

Published

2022

18. Can You Hear It? Backdoor Attacks via Ultrasonic Triggers

Author

Koffas, S. (author), Xu, J. (author), Conti, M. (author), Picek, S. (author), Koffas, S. (author), Xu, J. (author), Conti, M. (author), and Picek, S. (author)

Abstract

This work explores backdoor attacks for automatic speech recognition systems where we inject inaudible triggers. By doing so, we make the backdoor attack challenging to detect for legitimate users and, consequently, potentially more dangerous. We conduct experiments on two versions of a speech dataset and three neural networks and explore the performance of our attack concerning the duration, position, and type of the trigger. Our results indicate that less than 1% of poisoned data is sufficient to deploy a backdoor attack and reach a 100% attack success rate. We observed that short, non-continuous triggers result in highly successful attacks. Still, since our trigger is inaudible, it can be as long as possible without raising any suspicions making the attack more effective. Finally, we conduct our attack on actual hardware and saw that an adversary could manipulate inference in an Android application by playing the inaudible trigger over the air., Cyber Security

Published

2022

19. Effect of DIS Attack on 6TiSCH Network Formation

Author

Kalita, Alakesh (author), Brighente, Alessandro (author), Khatua, Manas (author), Conti, M. (author), Kalita, Alakesh (author), Brighente, Alessandro (author), Khatua, Manas (author), and Conti, M. (author)

Abstract

The 6TiSCH standard provides minimum latency and reliability in mission-critical IoT applications. To optimize resource allocation during 6TiSCH network formation, IETF released the 6TiSCH minimal configuration (6TiSCH-MC) standard. 6TiSCH-MC considered IETF's IPv6 Routing Protocol for Low power and Lossy network (RPL) as a routing protocol for both upward and downward routing. In RPL, new joining nodes or joined nodes transmit DODAG Information Solicitation (DIS) requests to get routing information from the network. However, we observe that malicious node(s) can severely affect 6TiSCH networks by sending multiple DIS requests. In this letter, we show and experimentally evaluate on real devices the impact of the DIS attack during 6TiSCH networks formation. We show that the attacker does not need expensive resources or access to the network's sensitive information to execute the DIS attack. Our testbed experiments show that the DIS attack significantly degrades the nodes' joining time and energy consumption, increasing them by 34% and 16%, respectively, compared to normal functioning during 6TiSCH network formation., Green Open Access added to TU Delft Institutional Repository ‘You share, we take care!’ – Taverne project https://www.openaccess.nl/en/you-share-we-take-care Otherwise as indicated in the copyright section: the publisher is the copyright holder of this work and the author uses the Dutch legislation to make this work public., Cyber Security

Published

2022

20. User-Defined Privacy-Preserving Traffic Monitoring Against n-by-1 Jamming Attack

Author

Li, Meng (author), Zhu, Liehuang (author), Zhang, Zijian (author), Lal, C. (author), Conti, M. (author), Alazab, Mamoun (author), Li, Meng (author), Zhu, Liehuang (author), Zhang, Zijian (author), Lal, C. (author), Conti, M. (author), and Alazab, Mamoun (author)

Abstract

Traffic monitoring services collect traffic reports and respond to users' traffic queries. However, the reports and queries may reveal the user's identity and location. Although different anonymization techniques have been applied to protect user privacy, a new security threat arises, namely, n-by-1 jamming attack, in which an anonymous contributing driver impersonates n drivers and uploads n normal reports by using n reporting devices. Such an attack will mislead the traffic monitoring service provider and further degrade the service quality. Existing traffic monitoring services do not support customized queries, and private information retrieval techniques cannot be applied directly in traffic monitoring. We formally define the new attack and propose a traffic monitoring scheme TraJ to defend the attack and achieve user-defined location privacy. Specifically, we bridge anonymous contributing drivers without disclosing their speed set by using private set intersection. Each RSU collects time traffic reports and structures a weighted proximity graph to filter out malicious colluding drivers. We design a user-defined privacy-preserving query method by encoding complex road network. We leverage the uploading phase from private aggregation to collect traffic conditions and allow requesting drivers to dynamically and privately query traffic conditions. We provide a formal analysis of TraJ to prove its privacy and security properties. We also construct a prototype based on a real-world dataset and Android smartphones to demonstrate its feasibility and efficiency. A formal analysis demonstrates the privacy and security properties. Extensive experiments illustrate the performance and defense efficacy., Green Open Access added to TU Delft Institutional Repository ‘You share, we take care!’ – Taverne project https://www.openaccess.nl/en/you-share-we-take-care Otherwise as indicated in the copyright section: the publisher is the copyright holder of this work and the author uses the Dutch legislation to make this work public., Cyber Security

Published

2022

21. Mnemosyne: Privacy-Preserving Ride Matching With Collusion-Resistant Driver Exclusion

Author

Li, Meng (author), Gao, Jianbo (author), Zhu, Liehuang (author), Zhang, Zijian (author), Lal, C. (author), Conti, M. (author), Alazab, Mamoun (author), Li, Meng (author), Gao, Jianbo (author), Zhu, Liehuang (author), Zhang, Zijian (author), Lal, C. (author), Conti, M. (author), and Alazab, Mamoun (author)

Abstract

Ride-Hailing Service (RHS) has drawn plenty of attention as it provides transportation convenience for riders and financial incentives for drivers. Despite these benefits, riders risk the exposure of sensitive location data during ride requesting to an untrusted Ride-Hailing Service Provider (RHSP). Our motivation arises from repetitive matching, i.e., the same driver is repetitively assigned to the same rider. Meanwhile, we introduce a driver exclusion function to protect riders' location privacy. Existing work on privacy-preserving RHS overlooks this function. While Secure k Nearest Neighbor (SkNN) facilitates efficient matching, the state-of-the-art neglects a collusion attack. To solve this problem, we formally define repetitive matching and strong location privacy, and propose Mnemosyne: privacy-preserving ride matching with collusion-resistant driver exclusion. We extend the simple integration of equality checking and item exclusion to a dynamic integration. We concatenate each prefix of an acceptable identity range to each location code when generating a ride request, i.e., secure mix index. We process each prefix of the driver identity to generate a ride response, i.e., a mix token. We build an indistinguishable Bloom-filter as an index to query the token. When matching riders with drivers, the colluding parties cannot distinguish identity prefixes from location codes. We build a prototype of Mnemosyne based on servers, smartphones, and a real-world dataset. Experimental results demonstrate that Mnemosyne outperforms existing work regarding strong location privacy and computational costs., Green Open Access added to TU Delft Institutional Repository ‘You share, we take care!’ – Taverne project https://www.openaccess.nl/en/you-share-we-take-care Otherwise as indicated in the copyright section: the publisher is the copyright holder of this work and the author uses the Dutch legislation to make this work public., Cyber Security

Published

2022

22. On the feasibility of crawling-based attacks against recommender systems

Author

Aiolli, Fabio (author), Conti, M. (author), Picek, S. (author), Polato, M. (author), Aiolli, Fabio (author), Conti, M. (author), Picek, S. (author), and Polato, M. (author)

Abstract

Nowadays, online services, like e-commerce or streaming services, provide a personalized user experience through recommender systems. Recommender systems are built upon a vast amount of data about users/items acquired by the services. Such knowledge represents an invaluable resource. However, commonly, part of this knowledge is public and can be easily accessed via the Internet. Unfortunately, that same knowledge can be leveraged by competitors or malicious users. The literature offers a large number of works concerning attacks on recommender systems, but most of them assume that the attacker can easily access the full rating matrix. In practice, this is never the case. The only way to access the rating matrix is by gathering the ratings (e.g., reviews) by crawling the service's website. Crawling a website has a cost in terms of time and resources. What is more, the targeted website can employ defensive measures to detect automatic scraping. In this paper, we assess the impact of a series of attacks on recommender systems. Our analysis aims to set up the most realistic scenarios considering both the possibilities and the potential attacker's limitations. In particular, we assess the impact of different crawling approaches when attacking a recommendation service. From the collected information, we mount various profile injection attacks. We measure the value of the collected knowledge through the identification of the most similar user/item. Our empirical results show that while crawling can indeed bring knowledge to the attacker (up to 65% of neighborhood reconstruction on a mid-size dataset and up to 90% on a small-size dataset), this will not be enough to mount a successful shilling attack in practice., Green Open Access added to TU Delft Institutional Repository 'You share, we take care!' - Taverne project https://www.openaccess.nl/en/you-share-we-take-care Otherwise as indicated in the copyright section: the publisher is the copyright holder of this work and the author uses the Dutch legislation to make this work public., Cyber Security

Published

2022

23. Graph Encryption for Shortest Path Queries with k Unsorted Nodes

Author

Li, Meng (author), Gao, Jianbo (author), Zhang, Zijian (author), Fu, Chaoping (author), Lal, C. (author), Conti, M. (author), Li, Meng (author), Gao, Jianbo (author), Zhang, Zijian (author), Fu, Chaoping (author), Lal, C. (author), and Conti, M. (author)

Abstract

Shortest distance queries over large-scale graphs bring great benefits to various applications, i.e., save planning time and travelling expenses. To protect the sensitive nodes and edges in the graph, a user outsources an encrypted graph to an untrusted server without losing the query ability. However, no prior work has considered the user requirement of the shortest path with k unsorted nodes. In particular, we are concerned with how to securely find the shortest path by passing k nodes that do not have a fixed traverse order. To solve the problems, we propose Gespun (stands for Graph encryption for shortest path queries with k unordered nodes). It includes an oracle encryption scheme that is provably secure against the semi-honest server. Specifically, we compute the shortest paths and distances for all nodes locally to obtain path-distance oracles. We transform the shortest paths to a sequence of secure codes by using a pseudo-random permutation to protect the structure privacy. We encrypt the shortest distance by using additively homomorphic encryption. Second, we pack the oracles in link-list nodes and store them in an array-based dictionary after another permutation. Next, we construct a search graph to compute the shortest path while guaranteeing that the path passes the required k nodes. We formally prove that Gespun is adaptively semantically-secure in the random oracle. We implement a prototype of Gespun and evaluate its performance. Experiments results demonstrate that Gespun is efficient, e.g., a query over 6301 nodes, 20777 edges, and 5 unsorted nodes only needs 483 ms to get queried results. We believe that our research problem span new research that soon promotes a new line of graph encryption schemes., Green Open Access added to TU Delft Institutional Repository ‘You share, we take care!’ – Taverne project https://www.openaccess.nl/en/you-share-we-take-care Otherwise as indicated in the copyright section: the publisher is the copyright holder of this work and the author uses the Dutch legislation to make this work public., Cyber Security

Published

2022

24. The Cross-evaluation of Machine Learning-based Network Intrusion Detection Systems

Author

Apruzzese, Giovanni (author), Pajola, Luca (author), Conti, M. (author), Apruzzese, Giovanni (author), Pajola, Luca (author), and Conti, M. (author)

Abstract

Enhancing Network Intrusion Detection Systems (NIDS) with supervised Machine Learning (ML) is tough. ML-NIDS must be trained and evaluated, operations requiring data where benign and malicious samples are clearly labeled. Such labels demand costly expert knowledge, resulting in a lack of real deployments, as well as on papers always relying on the same outdated data. The situation improved recently, as some efforts disclosed their labeled datasets. However, most past works used such datasets just as a 'yet another' testbed, overlooking the added potential provided by such availability. In contrast, we promote using such existing labeled data to cross-evaluate ML-NIDS. Such approach received only limited attention and, due to its complexity, requires a dedicated treatment. We hence propose the first cross-evaluation model. Our model highlights the broader range of realistic use-cases that can be assessed via cross-evaluations, allowing the discovery of still unknown qualities of state-of-the-art ML-NIDS. For instance, their detection surface can be extended - at no additional labeling cost. However, conducting such cross-evaluations is challenging. Hence, we propose the first framework, XeNIDS, for reliable cross-evaluations based on Network Flows. By using XeNIDS on six well-known datasets, we demonstrate the concealed potential, but also the risks, of cross-evaluations of ML-NIDS., Green Open Access added to TU Delft Institutional Repository 'You share, we take care!' - Taverne project https://www.openaccess.nl/en/you-share-we-take-care Otherwise as indicated in the copyright section: the publisher is the copyright holder of this work and the author uses the Dutch legislation to make this work public., Cyber Security

Published

2022

25. HTTPScout: A Machine Learning based Countermeasure for HTTP Flood Attacks in SDN

Author

Mohammadi, Reza (author), Lal, C. (author), Conti, M. (author), Mohammadi, Reza (author), Lal, C. (author), and Conti, M. (author)

Abstract

Nowadays, the number of Distributed Denial of Service (DDoS) attacks is growing rapidly. The aim of these type of attacks is to make the prominent and critical services unavailable for legitimate users. HTTP flooding is one of the most common DDoS attacks and because of its implementation in application layer, it is difficult to detect and prevent by the current defense mechanisms. This attack not only makes the web servers unavailable, but consumes the computational resources of the network equipment and congests communication links. Recently, the advent of Software Defined Networking (SDN) paradigm has enabled the network providers to detect and mitigate application layer DDoS attacks such as HTTP flooding. In this paper, we propose a defense mechanism named HTTPScout which leverages the benefits of SDN together with Machine Learning (ML) techniques to detect and mitigate HTTP flooding attack. HTTPScout is implemented as a security module in RYU controller and monitors the behavior of HTTP traffic flows. Upon detecting a malicious flow, it blocks the source of the attack at the edge switch and preserves the network resources from the adversarial effects of the attack. Simulation results confirm that HTTPScout brings a significant improvement of 64% in bandwidth consumption and 80% in the number of forwarding rules compared to normal SDN., Green Open Access added to TU Delft Institutional Repository ‘You share, we take care!’ – Taverne project https://www.openaccess.nl/en/you-share-we-take-care Otherwise as indicated in the copyright section: the publisher is the copyright holder of this work and the author uses the Dutch legislation to make this work public., Cyber Security

Published

2022

26. CovertSYS: A systematic covert communication approach for providing secure end-to-end conversation via social networks

Author

Ahvanooey, Milad Taleby (author), Zhu, Mark Xuefang (author), Mazurczyk, Wojciech (author), Li, Qianmu (author), Kilger, Max (author), Choo, Kim Kwang Raymond (author), Conti, M. (author), Ahvanooey, Milad Taleby (author), Zhu, Mark Xuefang (author), Mazurczyk, Wojciech (author), Li, Qianmu (author), Kilger, Max (author), Choo, Kim Kwang Raymond (author), and Conti, M. (author)

Abstract

While encryption can prevent unauthorized access to a secret message, it does not provide undetectability of covert communications over the public network. Implementing a highly latent data exchange, especially with low eavesdropping/discovery probability, is challenging for practical scenarios, such as social and political movements in authoritarian regimes, military operations, and privacy preservation. Moreover, the current literature suffers from a low embedding capacity and monolingual applicability, limiting the amount of hiding secret data within short text messages using state-of-the-art algorithms, e.g., linguistic-based, structural-based, or coverless-based solutions. In this paper, we present a systematic covert communication technique called CovertSYS that enables a multilingual secure end-to-end conversation via messaging or social network platforms. The CovertSYS functions by encrypting a confidential message using a multi-factor authentication scheme and converting the encoded binary data into hidden Unicode symbols to be transmitted under cover of short text messages. We then conduct extensive experiments to confirm the security and validity of the proposed technique against state-of-the-art approaches. Our experimental results show that the CovertSYS provides a superior mean performance of 91.53% by improving the criteria scores: embedding capacity rate of 100%, imperceptibility rate of 76.4%, and distortion robustness rate of 98.2%. Finally, we discuss the practical implications of the proposed technique compared to the existing text steganography methods., Green Open Access added to TU Delft Institutional Repository 'You share, we take care!' - Taverne project https://www.openaccess.nl/en/you-share-we-take-care Otherwise as indicated in the copyright section: the publisher is the copyright holder of this work and the author uses the Dutch legislation to make this work public., Cyber Security

Published

2022

27. Nereus: Anonymous and Secure Ride-Hailing Service based on Private Smart Contracts

Author

Li, Meng (author), Chen, Yifei (author), Lal, C. (author), Conti, M. (author), Martinelli, Fabio (author), Alazab, Mamoun (author), Li, Meng (author), Chen, Yifei (author), Lal, C. (author), Conti, M. (author), Martinelli, Fabio (author), and Alazab, Mamoun (author)

Abstract

Security and privacy issues have become a major hindrance to the broad adoption of Ride-Hailing Services (RHSs). In this article, we introduce a new collusion attack initiated by the Ride-Hailing Service Provider (RHSP) and a driver that could easily link the real riders and their anonymous requests (credentials). Besides this attack, existing work requires heavy computations to execute user matching, and it is challenging for riders to verify matching results. Meanwhile, a malicious driver may cancel an assigned ride order due to its short distance. To address these issues, we present a RHS system named Nereus to support collusion resistance, efficiency, verifiability, and accountability. First, we integrate a smart contract into a Software Guard Extensions (SGX) enclave to establish a private smart contract for collusion resistance. We use a Bloom filter to achieve efficient matching. Second, we leverage privacy-preserving range query and Merkle proofs to make matching results verifiable. Meanwhile, we adopt short group signatures to provide anonymous authentication and deposit commitments to hold the runaway driver accountable. We formally state and prove the security and privacy of Nereus. We build a prototype based on Ethereum and SGX to conduct extensive performance analysis in regard to gas costs, computational costs, and communication overhead. Experimental results show that Nereus significantly improves over existing schemes in terms of computational costs., Green Open Access added to TU Delft Institutional Repository ‘You share, we take care!’ – Taverne project https://www.openaccess.nl/en/you-share-we-take-care Otherwise as indicated in the copyright section: the publisher is the copyright holder of this work and the author uses the Dutch legislation to make this work public., Intelligent Systems, Cyber Security

Published

2022

28. For Your Voice Only: Exploiting Side Channels in Voice Messaging for Environment Detection

Author

Cardaioli, Matteo (author), Conti, M. (author), Ravindranath, A. (author), Cardaioli, Matteo (author), Conti, M. (author), and Ravindranath, A. (author)

Abstract

Voice messages are an increasingly popular method of communication, accounting for more than 200 million messages a day. Sending audio messages requires a user to invest lesser effort than texting while enhancing the message’s meaning by adding an emotional context (e.g., irony). Unfortunately, we suspect that voice messages might provide much more information than intended to prying ears of a listener. In fact, speech audio waves are both directly recorded by the microphone and propagated into the environment, and possibly reflected back to the microphone. Reflected waves along with ambient noise are also recorded by the microphone and sent as part of the voice message. In this paper, we propose a novel attack for inferring detailed information about user location (e.g., a specific room) leveraging a simple WhatsApp voice message. We demonstrated our attack considering 7,200 voice messages from 15 different users and four environments (i.e., three bedrooms and a terrace). We considered three realistic attack scenarios depending on previous knowledge of the attacker about the victim and the environment. Our thorough experimental results demonstrate the feasibility and efficacy of our proposed attack. We can infer the location of the user among a pool of four known environments with 85% accuracy. Moreover, our approach reaches an average accuracy of 93% in discerning between two rooms of similar size and furniture (i.e., two bedrooms) and an accuracy of up to 99% in classifying indoor and outdoor environments., Green Open Access added to TU Delft Institutional Repository ‘You share, we take care!’ – Taverne project https://www.openaccess.nl/en/you-share-we-take-care Otherwise as indicated in the copyright section: the publisher is the copyright holder of this work and the author uses the Dutch legislation to make this work public., Cyber Security, Electrical Engineering, Mathematics and Computer Science

Published

2022

29. Adaptive Intrusion Detection in Edge Computing Using Cerebellar Model Articulation Controller and Spline Fit

Author

Kumar, Gulshan (author), Saha, Rahul (author), Conti, M. (author), Thomas, Reji (author), Devgun, Tannishtha (author), Rodrigues, Joel J.P.C. (author), Kumar, Gulshan (author), Saha, Rahul (author), Conti, M. (author), Thomas, Reji (author), Devgun, Tannishtha (author), and Rodrigues, Joel J.P.C. (author)

Abstract

Internet-of-Thing (IoT) faces various security attacks. Different solutions exist to mitigate the intrusion problems. However, the existing solutions lack behind in dealing with heterogeneity of attack sources and features. The future anticipated demand of devices' connections also urge the need of new solutions addressing the concerns of time consumption and complexity. In this article, we show a novel solution for the intrusion detection in IoT framework. We configure the intrusion detection in the edge computing layer so that the effect of the attack is not propagated to the clouds. Our solution uses cerebellar model articulation controller with kernel map. This combination is very new in the direction of intrusion detection; hence, it emphasizes the novelty of our proposed intrusion detection solution. We name our solution as Cerebellar Model Articulation Controller based Intrusion Detection System (CMACIDS). Additionally, we use spline fitting to the kernel mapping for the model fit; this adds on another novel contribution to CMACIDS. The results obtained with our detection system are compared with the state-of-the-art solutions in terms of complexity, false alarms, and precision of detection. The analysis of the comparative study proves the efficiency of the solution and makes CMACIDS suitable for IoT paradigm., Cyber Security

Published

2022

30. Dynamic Backdoors with Global Average Pooling

Author

Koffas, S. (author), Picek, S. (author), Conti, M. (author), Koffas, S. (author), Picek, S. (author), and Conti, M. (author)

Abstract

Outsourced training and machine learning as a service have resulted in novel attack vectors like backdoor attacks. Such attacks embed a secret functionality in a neural network activated when the trigger is added to its input. In most works in the literature, the trigger is static, both in terms of location and pattern. The effectiveness of various detection mechanisms depends on this property. It was recently shown that countermeasures in image classification, like Neural Cleanse and ABS, could be bypassed with dynamic triggers that are effective regardless of their pattern and location. Still, such backdoors are demanding as they require a large percentage of poisoned training data. In this work, we are the first to show that dynamic backdoor attacks could happen due to a global average pooling layer without increasing the percentage of the poisoned training data. Nevertheless, our experiments in sound classification, text sentiment analysis, and image classification show this to be very difficult in practice., Green Open Access added to TU Delft Institutional Repository 'You share, we take care!' - Taverne project https://www.openaccess.nl/en/you-share-we-take-care Otherwise as indicated in the copyright section: the publisher is the copyright holder of this work and the author uses the Dutch legislation to make this work public., Cyber Security

Published

2022

31. A few-shot malware classification approach for unknown family recognition using malware feature visualization

Author

Conti, M. (author), Khandhar, Shubham (author), Vinod, P. (author), Conti, M. (author), Khandhar, Shubham (author), and Vinod, P. (author)

Abstract

With the ever-increasing threat of malware attacks, building an effective malware classifier to detect malware promptly is of utmost importance. Malware visualization approaches and deep learning techniques have proven effective in classifying sophisticated malware from benchmark datasets. A major problem with traditional deep learning classifier is the need to re-train the classifier when a new malware family emerges. In this paper, we propose few-shot classification techniques which allows us to classify malware based on a few instances and without the need for re-training the classifier for novel malware families. We also propose a novel malware visualization technique that can represent a malware binary as a 3-channel image. We experiment with two distinct few-shot learning architectures namely CSNN (Convolutional Siamese Neural Network) and Shallow-FS (Shallow Few-Shot). CSNN is more suitable when scarce data is available for training, otherwise Shallow-FS can be used to achieve better performance. Our architectures outperforms state of the art few-shot learning approaches and achieves high accuracy in traditional malware classification. Our experiments show our models’ ability to classify recent and novel malware families from just a few instances with high accuracy., Green Open Access added to TU Delft Institutional Repository 'You share, we take care!' - Taverne project https://www.openaccess.nl/en/you-share-we-take-care Otherwise as indicated in the copyright section: the publisher is the copyright holder of this work and the author uses the Dutch legislation to make this work public., Cyber Security

Published

2022

32. Quantifying Location Privacy for Navigation Services in Sustainable Vehicular Networks

Author

Li, Meng (author), Chen, Yifei (author), Kumar, Neeraj (author), Lal, C. (author), Conti, M. (author), Alazab, Mamoun (author), Li, Meng (author), Chen, Yifei (author), Kumar, Neeraj (author), Lal, C. (author), Conti, M. (author), and Alazab, Mamoun (author)

Abstract

Current connected and autonomous vehicles will contribute to various and green vehicular services. However, sharing personal data with untrustworthy Navigation Service Providers (NSPs) raises serious location concerns. To address this issue, many Location Privacy-Preserving Mechanisms (LPPMs) have been proposed. In addition, several quantification methods have been designed to help understand location privacy and illustrate how location privacy is leaked. However, their assessment is insufficient due to the incomplete assumptions about the adversary’s model. In particular, users tend to request the same navigation routes from home to workplace and acquire traffic information along the route. An adversary can collect the coordinates of adjacent locations and infer the two true locations. In this paper, we provide a formal framework for the analysis of LPPMs in navigation services. Our framework captures extra information that is available to an adversary performing localization attacks. By formalizing the adversary’s performance, we also propose and justify two new metrics to quantify location privacy in navigation services, namely accuracy and visibility. We assess the efficacy of two popular LPPMs for location privacy, i.e., differential privacy and k-anonymity. Experimental results demonstrate that the adversary can recover users’ locations with a high probability., Green Open Access added to TU Delft Institutional Repository 'You share, we take care!' - Taverne project https://www.openaccess.nl/en/you-share-we-take-care Otherwise as indicated in the copyright section: the publisher is the copyright holder of this work and the author uses the Dutch legislation to make this work public., Cyber Security

Published

2022

33. Software defined network-based HTTP flooding attack defender

Author

Mohammadi, Reza (author), Lal, C. (author), Conti, M. (author), Sharma, Lokesh (author), Mohammadi, Reza (author), Lal, C. (author), Conti, M. (author), and Sharma, Lokesh (author)

Abstract

In recent years, the explosive growth of the Internet has led to an increment in the number of Distributed Denial of Service (DDoS) attacks. HTTP Flooding is a critical DDoS attack that targets HTTP servers to prohibit users from receiving HTTP services. Moreover, it saturates the link bandwidth and consumes network resources. Because the attack is launched at the application layer, it is difficult to defend against it using current countermeasures such as firewall or Intrusion Prevention System (IPS). In this paper, we propose SHFD, which leverages the Software-Defined Networking (SDN) paradigm to mitigate HTTP flooding attacks. We implement SHFD as a defender module on the SDN controller to detect and mitigate the attack in the first place. Experimental results gathered from Mininet confirm that SHFD brings a significant improvement of 13% in detection time and 29% in the number of blocked malicious flows compared to the state-of-the-art approaches., Green Open Access added to TU Delft Institutional Repository 'You share, we take care!' - Taverne project https://www.openaccess.nl/en/you-share-we-take-care Otherwise as indicated in the copyright section: the publisher is the copyright holder of this work and the author uses the Dutch legislation to make this work public., Cyber Security

Published

2022

34. Privacy-Friendly De-Authentication with BLUFADE: Blurred Face Detection

Author

Cardaioli, Matteo (author), Conti, M. (author), Tricomi, Pier Paolo (author), Tsudik, Gene (author), Cardaioli, Matteo (author), Conti, M. (author), Tricomi, Pier Paolo (author), and Tsudik, Gene (author)

Abstract

Ideally, secure user sessions should start and end with authentication and de-Authentication phases, respectively. While the user must pass the former to start a secure session, the latter's importance is often ignored or underestimated. Dangling or unattended sessions expose users to well-known Lunchtime Attacks. To mitigate this threat, the research community focused on automated de-Authentication systems. Unfortunately, no single approach offers security, privacy, and usability. For instance, although facial recognition-based methods might be a good fit for security and usability, they violate user privacy by constantly recording the user and the surrounding environment.In this work, we propose BLUFADE, a fast, secure, and transparent de-Authentication system that takes advantage of blurred faces to preserve user privacy. We obfuscate a webcam with a physical blur layer and use deep learning algorithms to perform face detection continuously. To assess BLUFADE's practicality, we collected two datasets formed by 30 recruited subjects (users) and thousands of physically blurred celebrity photos. The former was used to train and evaluate the deauthentication system performances, the latter to assess the privacy and to increase variance in training data. We show that our approach outperforms state-of-The-Art methods in detecting blurred faces, achieving up to 95% accuracy. Furthermore, we demonstrate that BLUFADE effectively de-Authenticates users up to 100% accuracy in under 3 seconds, while satisfying security, privacy, and usability requirements., Green Open Access added to TU Delft Institutional Repository ‘You share, we take care!’ – Taverne project https://www.openaccess.nl/en/you-share-we-take-care Otherwise as indicated in the copyright section: the publisher is the copyright holder of this work and the author uses the Dutch legislation to make this work public., Cyber Security

Published

2022

35. SpacePhish: The Evasion-space of Adversarial Attacks against Phishing Website Detectors using Machine Learning

Author

Apruzzese, Giovanni (author), Conti, M. (author), Yuan, Ying (author), Apruzzese, Giovanni (author), Conti, M. (author), and Yuan, Ying (author)

Abstract

Existing literature on adversarial Machine Learning (ML) focuses either on showing attacks that break every ML model, or defenses that withstand most attacks. Unfortunately, little consideration is given to the actual cost of the attack or the defense. Moreover, adversarial samples are often crafted in the "feature-space", making the corresponding evaluations of questionable value. Simply put, the current situation does not allow to estimate the actual threat posed by adversarial attacks, leading to a lack of secure ML systems. We aim to clarify such confusion in this paper. By considering the application of ML for Phishing Website Detection (PWD), we formalize the "evasion-space"in which an adversarial perturbation can be introduced to fool a ML-PWD-demonstrating that even perturbations in the "feature-space"are useful. Then, we propose a realistic threat model describing evasion attacks against ML-PWD that are cheap to stage, and hence intrinsically more attractive for real phishers. Finally, we perform the first statistically validated assessment of state-of-the-art ML-PWD against 12 evasion attacks. Our evaluation shows (i) the true efficacy of evasion attempts that are more likely to occur; and (ii) the impact of perturbations crafted in different evasion-spaces. Our realistic evasion attempts induce a statistically significant degradation (3-10% at p < 0.05), and their cheap cost makes them a subtle threat. Notably, however, some ML-PWD are immune to our most realistic attacks (p=0.22). Our contribution paves the way for a much needed re-assessment of adversarial attacks against ML systems for cybersecurity., Cyber Security

Published

2022

36. Label-Only Membership Inference Attack against \\Node-Level Graph Neural Networks

Author

Conti, M. (author), Li, Jiaxin (author), Picek, S. (author), Xu, J. (author), Conti, M. (author), Li, Jiaxin (author), Picek, S. (author), and Xu, J. (author)

Abstract

Graph Neural Networks (GNNs), inspired by Convolutional Neural Networks (CNNs), aggregate the message of nodes' neighbors and structure information to acquire expressive representations of nodes for node classification, graph classification, and link prediction. Previous studies have indicated that node-level GNNs are vulnerable to Membership Inference Attacks (MIAs), which infer whether a node is in the training data of GNNs and leak the node's private information, like the patient's disease history. The implementation of previous MIAs takes advantage of the models' probability output, which is infeasible if GNNs only provide the prediction label (label-only) for the input. In this paper, we propose a label-only MIA against GNNs for node classification with the help of GNNs' flexible prediction mechanism, e.g., obtaining the prediction label of one node even when neighbors' information is unavailable. Our attacking method achieves around 60\% accuracy, precision, and Area Under the Curve (AUC) for most datasets and GNN models, some of which are competitive or even better than state-of-the-art probability-based MIAs implemented under our environment and settings. Additionally, we analyze the influence of the sampling method, model selection approach, and overfitting level on the attack performance of our label-only MIA. All of those three factors have an impact on the attack performance. Then, we consider scenarios where assumptions about the adversary's additional dataset (shadow dataset) and extra information about the target model are relaxed. Even in those scenarios, our label-only MIA achieves a better attack performance in most cases. Finally, we explore the effectiveness of possible defenses, including Dropout, Regularization, Normalization, and Jumping knowledge. None of those four defenses prevent our attack completely., Cyber Security

Published

2022

37. Hand Me Your PIN! Inferring ATM PINs of Users Typing with a Covered Hand

Author

Cardaioli, Matteo (author), Cecconello, S. (author), Conti, M. (author), Milani, Simone (author), Picek, S. (author), Saraci, Eugen (author), Cardaioli, Matteo (author), Cecconello, S. (author), Conti, M. (author), Milani, Simone (author), Picek, S. (author), and Saraci, Eugen (author)

Abstract

Automated Teller Machines (ATMs) represent the most used system for withdrawing cash. The European Central Bank reported more than 11 billion cash withdrawals and loading/unloading transactions on the European ATMs in 2019. Although ATMs have undergone various technological evolutions, Personal Identification Numbers (PINs) are still the most common authentication method for these devices. Unfortunately, the PIN mechanism is vulnerable to shoulder-surfing attacks performed via hidden cameras installed near the ATM to catch the PIN pad. To overcome this problem, people get used to covering the typing hand with the other hand. While such users probably believe this behavior is safe enough to protect against mentioned attacks, there is no clear assessment of this countermeasure in the scientific literature. This paper proposes a novel attack to reconstruct PINs entered by victims covering the typing hand with the other hand. We consider the setting where the attacker can access an ATM PIN pad of the same brand/model as the target one. Afterward, the attacker uses that model to infer the digits pressed by the victim while entering the PIN. Our attack owes its success to a carefully selected deep learning architecture that can infer the PIN from the typing hand position and movements. We run a detailed experimental analysis including 58 users. With our approach, we can guess 30% of the 5-digit PINs within three attempts - the ones usually allowed by ATM before blocking the card. We also conducted a survey with 78 users that managed to reach an accuracy of only 7.92% on average for the same setting. Finally, we evaluate a shielding countermeasure that proved to be rather inefficient unless the whole keypad is shielded., Cyber Security

Published

2022

38. ESRAS: An efficient and secure ultra-lightweight RFID authentication scheme for low-cost tags

Author

Shariq, Mohd (author), Singh, Karan (author), Lal, C. (author), Conti, M. (author), Khan, Tayyab (author), Shariq, Mohd (author), Singh, Karan (author), Lal, C. (author), Conti, M. (author), and Khan, Tayyab (author)

Abstract

Internet of Things (IoT) technologies rapidly evolve and are used in many real-life applications. One of the core technologies used in various IoT applications is Radio Frequency IDentification (RFID) technology. RFID wirelessly and uniquely identifies the tagged objects without a direct line of sight. However, the research community had reported privacy and security-related concerns in RFID systems, where an adversary may tamper, eavesdrop, add, delete, or even modify the transmitted messages over an insecure communication channel. To address the issues mentioned above, we propose an Efficient, Secure, and practical ultra-lightweight RFID Authentication Scheme (ESRAS), which uses rank operation for low-cost tags. We utilize a simplistic bitwise exclusive-OR, circular left rotation, and a newly proposed ultra-lightweight rank operation to provide high security at low cost. The analysis of ESRAS concerning its security and performance shows that it effectively resists several known attacks and is relatively superior to the existing schemes regarding the computational and storage costs. Moreover, ESRAS shows more suitability for low-cost RFID tags and can be executed in a multimedia big data environment., Cyber Security

Published

2022

39. SETCAP: Service-Based Energy-Efficient Temporal Credential Authentication Protocol for Internet of Drones

Author

El-Zawawy, Mohamed A. (author), Brighente, Alessandro (author), Conti, M. (author), El-Zawawy, Mohamed A. (author), Brighente, Alessandro (author), and Conti, M. (author)

Abstract

Internet of Drones (IoD) is a framework to set up drones networks that may serve multiple purposes, e.g., data collection. New IoD applications (such as drone assisted internet of vehicles) envision the simultaneous collection of multiple data types. Although authentication may prevent unauthorized users to access the collected data, existing authentication solutions do not distinguish between the different types of data collected by drones. Therefore, authenticated users may receive sensitive data regarding another user incurring hence in a privacy leakage. In this paper, we propose SETCAP, a novel Service-Based Energy-Efficient Temporal Credential Authentication Protocol for IoD. SETCAP exploits the distinction between data types to prevent information leakage. We formally test SETCAP against the Real-Or-Random (ROR) model and implemented SETCAP in Automated Validation of Internet Security Protocols and Applications (AVISPA) simulation tool. Moreover, we validated SETCAP via non-mathematical security analysis to show its security against many attacks. We assessed the superiority of SETCAP in terms of functionality and security characteristics as well as computation, communication, and energy costs. The communication cost of creating a session in SETCAP is approximately 20% smaller than that of creating a session in the closest state-of-the-art protocol. Furthermore, the framework that we propose requires the creation of a number of sessions that are additive in terms of the number of drones and users, whereas the existing solutions are multiplicative. SETCAP is therefore a secure and scalable solution for resource-constrained devices such as drones., Green Open Access added to TU Delft Institutional Repository ‘You share, we take care!’ – Taverne project https://www.openaccess.nl/en/you-share-we-take-care Otherwise as indicated in the copyright section: the publisher is the copyright holder of this work and the author uses the Dutch legislation to make this work public., Cyber Security

Published

2022

40. Can You Hear It? Backdoor Attacks via Ultrasonic Triggers

Author

Koffas, S. (author), Xu, J. (author), Conti, M. (author), Picek, S. (author), Koffas, S. (author), Xu, J. (author), Conti, M. (author), and Picek, S. (author)

Abstract

This work explores backdoor attacks for automatic speech recognition systems where we inject inaudible triggers. By doing so, we make the backdoor attack challenging to detect for legitimate users and, consequently, potentially more dangerous. We conduct experiments on two versions of a speech dataset and three neural networks and explore the performance of our attack concerning the duration, position, and type of the trigger. Our results indicate that less than 1% of poisoned data is sufficient to deploy a backdoor attack and reach a 100% attack success rate. We observed that short, non-continuous triggers result in highly successful attacks. Still, since our trigger is inaudible, it can be as long as possible without raising any suspicions making the attack more effective. Finally, we conduct our attack on actual hardware and saw that an adversary could manipulate inference in an Android application by playing the inaudible trigger over the air., Cyber Security

Published

2022

41. Repetitive, Oblivious, and Unlinkable SkNN Over Encrypted-and-Updated Data on Cloud

Author

Li, Meng (author), Zhang, Mingwei (author), Gao, Jianbo (author), Lal, C. (author), Conti, M. (author), Alazab, Mamoun (author), Li, Meng (author), Zhang, Mingwei (author), Gao, Jianbo (author), Lal, C. (author), Conti, M. (author), and Alazab, Mamoun (author)

Abstract

Location-Based Services (LBSs) depend on a Service Provider (SP) to store data owners’ geospatial data and to process data users’ queries. For example, a Yelp user queries the SP to retrieve the k nearest Starbucks by submitting her/his current location. It is well-acknowledged that location privacy is vital to users and several prominent Secure k Nearest Neighbor (SkNN) query processing schemes are proposed. We observe that no prior work addresses the requirement of repetitive query after index update and its privacy issue, i.e., how to match a data item from the cloud repetitively in an oblivious and unlinkable manner. Meanwhile, a malicious SP may skip some data items and recommend others due to unfair competition. In this work, we formally define the repetitive query and its privacy objectives and present an Repetitive, Oblivious, and Unlinkable SkNN scheme ROU. Specifically, we design a multi-level structure to organize locations to further improve search efficiency. Second, we integrate data item identity into the framework of existing SkNN query processing. Data owners encrypt their data item identity and location information into a secure index, and data users encrypt a customized identity range of a previously retrieved data item and location information into a token. Next, the SP uses the token to query the secure index to find the specific data item via privacy-preserving range querying. We formally prove the privacy of ROU in the random oracle model. We build a prototype based on a server to evaluate the performance with a real-world dataset. Experimental results show that ROU is efficient and practical in terms of computational cost, communication overhead, and result verification., Green Open Access added to TU Delft Institutional Repository ‘You share, we take care!’ – Taverne project https://www.openaccess.nl/en/you-share-we-take-care Otherwise as indicated in the copyright section: the publisher is the copyright holder of this work and the author uses the Dutch legislation to make this work public., Cyber Security

Published

2022

42. Misinformation Detection on Social Media: Challenges and the Road Ahead

Author

Ahvanooey, Milad Taleby (author), Zhu, Mark Xuefang (author), Mazurczyk, Wojciech (author), Choo, Kim Kwang Raymond (author), Conti, M. (author), Zhang, Jing (author), Ahvanooey, Milad Taleby (author), Zhu, Mark Xuefang (author), Mazurczyk, Wojciech (author), Choo, Kim Kwang Raymond (author), Conti, M. (author), and Zhang, Jing (author)

Abstract

It is increasingly challenging to deal with the volume,variety, velocity, and veracity of misinformation (e.g., dissemination of fake news contents, spurious posts, and fabricated images/videos) from different online platforms. In this article, we present an overview of existing machine learning and information hiding-based misinformation detection techniques and discuss the current threats and limitations of these approaches. Based on the discussion, we identify a number of potential countermeasures., Green Open Access added to TU Delft Institutional Repository 'You share, we take care!' - Taverne project https://www.openaccess.nl/en/you-share-we-take-care Otherwise as indicated in the copyright section: the publisher is the copyright holder of this work and the author uses the Dutch legislation to make this work public., Cyber Security

Published

2022

43. Modern Authentication Schemes in Smartphones and IoT Devices: An Empirical Survey

Author

Ahvanooey, Milad Taleby (author), Zhu, Mark Xuefang (author), Li, Qianmu (author), Mazurczyk, Wojciech (author), Choo, Kim Kwang Raymond (author), Gupta, Brij B. (author), Conti, M. (author), Ahvanooey, Milad Taleby (author), Zhu, Mark Xuefang (author), Li, Qianmu (author), Mazurczyk, Wojciech (author), Choo, Kim Kwang Raymond (author), Gupta, Brij B. (author), and Conti, M. (author)

Abstract

User authentication remains a challenging issue, despite the existence of a large number of proposed solutions, such as traditional text-based, graphical-based, biometrics-based, Web-based, and hardware-based schemes. For example, some of these schemes are not suitable for deployment in an Internet of Things (IoT) setting, partly due to the hardware and/or software constraints of IoT devices. The increasing popularity and pervasiveness of IoT equipment in a broad range of settings reinforces the importance of ensuring the security and privacy of IoT devices. Therefore, in this article, we conduct a comprehensive literature review and an empirical study to gain an in-depth understanding of the different authentication schemes as well as their vulnerabilities and deficits against various types of cyberattacks when applied in IoT-based systems. Based on the identified limitations, we recommend several mitigation strategies and discuss the practical implications of our findings., Green Open Access added to TU Delft Institutional Repository ‘You share, we take care!’ – Taverne project https://www.openaccess.nl/en/you-share-we-take-care Otherwise as indicated in the copyright section: the publisher is the copyright holder of this work and the author uses the Dutch legislation to make this work public., Cyber Security

Published

2022

44. Effect of DIS Attack on 6TiSCH Network Formation

Author

Kalita, Alakesh (author), Brighente, Alessandro (author), Khatua, Manas (author), Conti, M. (author), Kalita, Alakesh (author), Brighente, Alessandro (author), Khatua, Manas (author), and Conti, M. (author)

Abstract

The 6TiSCH standard provides minimum latency and reliability in mission-critical IoT applications. To optimize resource allocation during 6TiSCH network formation, IETF released the 6TiSCH minimal configuration (6TiSCH-MC) standard. 6TiSCH-MC considered IETF's IPv6 Routing Protocol for Low power and Lossy network (RPL) as a routing protocol for both upward and downward routing. In RPL, new joining nodes or joined nodes transmit DODAG Information Solicitation (DIS) requests to get routing information from the network. However, we observe that malicious node(s) can severely affect 6TiSCH networks by sending multiple DIS requests. In this letter, we show and experimentally evaluate on real devices the impact of the DIS attack during 6TiSCH networks formation. We show that the attacker does not need expensive resources or access to the network's sensitive information to execute the DIS attack. Our testbed experiments show that the DIS attack significantly degrades the nodes' joining time and energy consumption, increasing them by 34% and 16%, respectively, compared to normal functioning during 6TiSCH network formation., Green Open Access added to TU Delft Institutional Repository ‘You share, we take care!’ – Taverne project https://www.openaccess.nl/en/you-share-we-take-care Otherwise as indicated in the copyright section: the publisher is the copyright holder of this work and the author uses the Dutch legislation to make this work public., Cyber Security

Published

2022

45. Research trends, challenges, and emerging topics in digital forensics: A review of reviews

Author

Casino, Fran (author), Dasaklis, Thomas K. (author), Spathoulas, George (author), Anagnostopoulos, Marios (author), Ghosal, Amrita (author), Borocz, Istvan (author), Solanas, Agusti (author), Conti, M. (author), Patsakis, Constantinos (author), Casino, Fran (author), Dasaklis, Thomas K. (author), Spathoulas, George (author), Anagnostopoulos, Marios (author), Ghosal, Amrita (author), Borocz, Istvan (author), Solanas, Agusti (author), Conti, M. (author), and Patsakis, Constantinos (author)

Abstract

Due to its critical role in cybersecurity, digital forensics has received significant attention from researchers and practitioners alike. The ever increasing sophistication of modern cyberattacks is directly related to the complexity of evidence acquisition, which often requires the use of several technologies. To date, researchers have presented many surveys and reviews on the field. However, such articles focused on the advances of each particular domain of digital forensics individually. Therefore, while each of these surveys facilitates researchers and practitioners to keep up with the latest advances in a particular domain of digital forensics, the global perspective is missing. Aiming to fill this gap, we performed a qualitative review of all the relevant reviews in the field of digital forensics, determined the main topics on digital forensics topics and identified their main challenges. Despite the diversity of topics and methods, there are several common problems that are faced by almost all of them, with most of them residing in evidence acquisition and pre-processing due to counter analysis methods and difficulties of collecting data from devices, the cloud etc. Beyond pure technical issues, our study highlights procedural issues in terms of readiness, reporting and presentation, as well as ethics, highlighting the European perspective which is traditionally stricter in terms of privacy. Our extensive analysis paves the way for closer collaboration among researcher and practitioners among different topics of digital forensics., Cyber Security

Published

2022

46. Side-channel attacks on mobile and IoT devices for Cyber–Physical systems

Author

Conti, M. (author), Losiouk, Eleonora (author), Poovendran, Radha (author), Spolaor, Riccardo (author), Conti, M. (author), Losiouk, Eleonora (author), Poovendran, Radha (author), and Spolaor, Riccardo (author)

Abstract

The attacks that leverage the side-channels produced by processes running on mobile and IoT devices are a concrete threat for cyber–physical systems. This special issue is focused on the most recent research work that investigates novel aspects of this topic. This editorial summarizes the contributions of the seven accepted papers for this special issue., Green Open Access added to TU Delft Institutional Repository 'You share, we take care!' - Taverne project https://www.openaccess.nl/en/you-share-we-take-care Otherwise as indicated in the copyright section: the publisher is the copyright holder of this work and the author uses the Dutch legislation to make this work public., Cyber Security

Published

2022

47. Practical Exchange for Unique Digital Goods

Author

Ersoy, O. (author), Genç, Ziya Alper (author), Erkin, Z. (author), Conti, M. (author), Ersoy, O. (author), Genç, Ziya Alper (author), Erkin, Z. (author), and Conti, M. (author)

Abstract

Smart contracts can be used for the fair exchange of digital goods. A smart contract can escrow the exchange where the receiver deposits the payment, and the sender claims it by providing the goods. In the case of misbehavior, the parties provide proof on whether the received goods match the pre-agreed description or not. In general, the description is assumed to be the hash of the goods, and it is publicly known. However, without trusting the description provided by the sender, this assumption is not plausible for the scenarios where the goods are uniquely created for a specific receiver. To overcome the trust issue, sampling-based exchange protocols have been introduced where the parties use a sample of the goods as the description. Yet, the existing sampling-based proposals suffer from high on- and off-chain computational and storage costs. In this paper, we present FairDEx: an efficient sampling- based protocol that is suitable for the exchange of unique goods. Our description protocol allows us to achieve low on- and off-chain costs, which are independent of the size of the goods. The off-chain part of the protocol only utilizes highly efficient algorithms, namely hashing and symmetric key encryption. To illustrate the feasibility of FairDEx, we evaluate a research prototype on the Ethereum test network. Our results show that the cost of running FairDEx is around 0.6M gas for reasonably large sample sets, which is 30% cheaper than the state-of-the-art Ethereum-based proposals., Green Open Access added to TU Delft Institutional Repository ‘You share, we take care!’ – Taverne project https://www.openaccess.nl/en/you-share-we-take-care Otherwise as indicated in the copyright section: the publisher is the copyright holder of this work and the author uses the Dutch legislation to make this work public., Distributed Systems, Cyber Security

Published

2021

48. Anonymous and Verifiable Reputation System for E-commerce Platforms based on Blockchain

Author

Li, Meng (author), Zhu, Liehuang (author), Zhang, Zijian (author), Lal, C. (author), Conti, M. (author), Alazab, Mamoun (author), Li, Meng (author), Zhu, Liehuang (author), Zhang, Zijian (author), Lal, C. (author), Conti, M. (author), and Alazab, Mamoun (author)

Abstract

E-commerce platforms incorporate reputation systems that allow customers to rate suppliers following financial transactions. Existing reputation systems cannot defend the centralized server against arbitrarily tampering with the supplier’s reputation. Furthermore, they do not offer reputation access across platforms. Rates are faced with privacy leakages because rating activities are correlated with privacy (e.g., identity and rating). Meanwhile, raters could be malicious and initiate multiple rating attacks and abnormal rating attacks. Determining how to address these issues have both research and practical value. In this paper, we propose a blockchain-based privacy-preserving reputation system for e-commerce platforms named RepChain; our system allows cross-platform reputation access and anonymous and private ratings. Using RepChain, all e-commerce platforms collaborate and share users’ reputations by co-constructing a consortium blockchain and modeling the rating process as a finite state machine. In particular, we facilitate one-show anonymous credentials constructed from two-move blind signatures to protect customers’ identities and resist multiple rating attacks, leverage zero-knowledge range proof to verify the correctness of ratings and defend against abnormal rating attacks, design a secure sum computation protocol among nodes to update reputations, and verify ratings via batch processing and consensus hashes. Finally, we demonstrate the security and privacy of RepChain via a formal analysis and evaluate its performance based on Ethereum test network., Green Open Access added to TU Delft Institutional Repository ‘You share, we take care!’ – Taverne project https://www.openaccess.nl/en/you-share-we-take-care Otherwise as indicated in the copyright section: the publisher is the copyright holder of this work and the author uses the Dutch legislation to make this work public., Cyber Security

Published

2021

49. Privacy for 5G-Supported Vehicular Networks

Author

Li, Meng (author), Zhu, Liehuang (author), Zhang, Zijian (author), Lal, C. (author), Conti, M. (author), Martinelli, Fabio (author), Li, Meng (author), Zhu, Liehuang (author), Zhang, Zijian (author), Lal, C. (author), Conti, M. (author), and Martinelli, Fabio (author)

Abstract

Vehicular networks allow billions of vehicular users to be connected to report and exchange real-time data for offering various services, such as navigation, ride-hailing, smart parking, traffic monitoring, and vehicular digital forensics. Fifth generation (5G) is a new radio access technology with greater coverage, accessibility, and higher network density. 5G-supported Vehicular Networks (5GVNs) have attracted plenty of attention from both academia and industry. Geared with new features, they are expected to revolutionize the mobility ecosystem to empower a portfolio of new services. Meanwhile, the development of such communication capabilities, along with the development of sensory devices and the enhancement of local computing powers, have lead to an inevitable reality of massive data (e.g., identity, location, and trajectory) collection from vehicular users. Unfortunately, 5GVN are still confronted with a variety of privacy threats. Such threats are targeted at users’ data, identity, location, and trajectory. If not properly handled, such threats will cause unimaginable consequences to users. In this survey, we first review the state-of-the-art of survey papers. Next, we introduce the architecture, features, and services of 5GVN, followed by the privacy objectives of 5GVN and privacy threats to 5GVN. Further, we present existing privacy-preserving solutions and analyze them in-depth. Finally, we define some future research directions to draw more attention and down-to-earth efforts into this new architecture and its privacy issues., Cyber Security

Published

2021

50. Where to Meet a Driver Privately: Recommending Pick-Up Locations for Ride-Hailing Services

Author

Chen, Yifei (author), Li, Meng (author), Zheng, Shuli (author), Lal, C. (author), Conti, M. (author), Chen, Yifei (author), Li, Meng (author), Zheng, Shuli (author), Lal, C. (author), and Conti, M. (author)

Abstract

Ride-Hailing Service (RHS) has motivated the rise of innovative transportation services. It enables riders to hail a cab or private vehicle at the roadside by sending a ride request to the Ride-Hailing Service Provider (RHSP). Such a request collects rider’s real-time locations, which incur serious privacy concerns for riders. While there are many location privacy-preserving mechanisms in the literature, few of them consider mobility patterns or location semantics in RHS. In this work, we propose a pick-up location recommendation scheme with location indistinguishability and semantic indistinguishability for RHS. Specifically, we give formal definitions of location indistinguishability and semantic indistinguishability. We model the rider mobility as a time-dependent first-order Markov chain and generates a rider’s mobility profile. Next, it calculates the geographic similarity between riders by using the Mallows distance and classifies them into different geographic groups. To comprehend the semantics of a location, it extracts such information through user-generated content from two popular social networks and obtains the semantic representations of locations. Cosine similarity and unified hypergraph are used to compute the semantic similarities between locations. Finally, it outputs a set of recommended pick-up locations. To evaluate the performance, we build our mobility model over the real-world dataset GeoLife, analyze the computational costs of a rider, show the utility, and implement it on an Android smartphone. The experimental results show that it costs less than 0.12 ms to recommend 10 pick-up locations within 500 m of walking distance., Green Open Access added to TU Delft Institutional Repository ‘You share, we take care!’ – Taverne project https://www.openaccess.nl/en/you-share-we-take-care Otherwise as indicated in the copyright section: the publisher is the copyright holder of this work and the author uses the Dutch legislation to make this work public., Cyber Security

Published

2021