Critical Infrastructure Protection: Security Solutions and Attacks Deliverable 4b December 2015 Editors: Bruno Crispo, Luca Allodi, Ahmed Waqar and Viet Hung Nguyen (University of Trento)

Table of contents

Executive Summary
Introduction
Cluster: Protection of Internet and Cloud Infrastructures
Cluster: SCADA Protection
Cluster: Wireless Sensor Networks Protection
Cluster: Mobile Platforms Protection
Cluster: Privacy Protection
Cluster: Black Markets and New Methodology for Vulnerability Assessment and Mitigation
Cluster: Attacks
Conclusions


Executive Summary

Even if we buy an anti-theft alarm to protect our house, we still care that the windows and the doors are locked and safe. Detection and prevention are correctly considered complementary approaches in protecting an asset. Similarly, protecting National Critical Infrastructure (NCIs) from cyber-attacks requires a coordinated combination of prevention and detection measures.

This deliverable presents the work done within TENACE about security solutions aiming at preventing attacks and addressing vulnerabilities. Solutions are grouped in clusters identified by the domain of application (Internet and Cloud, SCADA, Mobile Platforms, Wireless Sensors Networks and Privacy) and include research findings and novel contributions developed within the TENACE consortium. To design effective and efficient preventive solutions and motivate their needs, it is important to know against whom and what we need to defend. Hence, the deliverable also includes research that TENACE has carried out to study attacker motivations and behavior, and attack techniques and tools.

TENACE - Protecting National Critical Infrastructures from Cyber Threats is a research project funded by the Italian Ministero dell'Istruzione, dell'Università e della Ricerca under the program Progetti di Ricerca di Interesse Nazionale (Project number 20103P34XC). Further information on TENACE is available on the official website at http://www.dis.uniroma1.it/~tenace/.


Introduction

This deliverable includes security solutions that have been all, or at least partially, designed, developed and evaluated within the project TENACE. The common characteristic of all the solutions presented in this deliverable is the goal of securing the system in order to prevent attacks (rather than, for example, detecting intrusions or attacks that have already happened). They include techniques and tools, usually termed the first line of defense, aiming at implementing security properties (i.e., confidentiality, authentication, integrity, etc.) and making sure the target system will behave according to given specifications (i.e., enforcement of security policies). Solutions cover both hosts (of different nature, from cloud to mobile phones, to actuators) and networks (i.e., wired and wireless).

The deliverable is organized in research clusters, as shown in Figure 1. Five of them (the blue ones) identify the specific technology or security property to which each solution included in the cluster applies. These are: Protection of Internet and Cloud Infrastructures, SCADA Protection, Wireless Sensor Network Protection, Mobile Platforms Protection and Privacy Protection. Then, there are two cross-cutting clusters (in green): the first, labeled Black Markets and New Methodology for Vulnerability Assessment and Mitigation, includes research related to the study and analysis of black markets, and research on the methodology used to assess the risk associated with reported computer vulnerabilities and attacks and the strategies to mitigate them. The second, labeled Attacks, includes research related to known and new attack methods, techniques and vectors. Each cluster starts with a general description of its content followed by the papers describing each solution. For each paper, we list the bibliographic reference and its abstract.

Figure 1: Clusters of research

The selected clusters are by no means exhaustive of all research issues related to the protection of NCIs. Also, their selection is not driven by being the most important ones. While they cover core technical issues, equally important aspects (i.e. legal frameworks) are not considered. Rather, this specific selection of clusters reflects the knowledge and expertise present in the consortium.

[Figure 1 labels: WSN Protection; Mobile Platforms Protection; SCADA Protection; Privacy Protection; Attacks; Black Markets and Vulnerability Assessment; Protection of Internet and Cloud Infrastructures]


This deliverable complements and integrates with the methods and models reported in Deliverable 2a, the detection and data analysis solutions presented in Deliverable 3a and uses some of the tools and datasets reported in Deliverable 5a.

Cluster: Protection of Internet and Cloud Infrastructures

Protecting National Critical Infrastructures (NCIs) often involves the use of Internet infrastructures, including Cloud Services (e.g., to offload storage or processing). Hence, protecting such infrastructures from all possible kinds of attacks (including those on confidentiality) is key for the protection of the NCI.

In the research work done in this area, we focused particularly on issues such as: (i) storage offloading, providing mechanisms to ensure the quality of service provided; (ii) communication involving cloud infrastructures, providing mechanisms to ensure that even when entities involved (e.g., cloud provider and telco operator) are malicious/compromised or honest but curious, and collude among them, they are not able to violate the confidentiality of the communications; (iii) future internet infrastructures and specifically content-centric ones, providing solutions to make those infrastructures more resilient against all attacks they are exposed to (mostly Denial of Service ones).

• G. Ateniese, R. Baldoni, S. Bonomi, G. Antonio Di Luna, “Fault-Tolerant Oblivious Assignment with m Slots in Synchronous Systems”. Journal of Parallel and Distributed Computing, Volume 74, Issue 7, July 2014, Pages 2648-2661.

Abstract: Preserving anonymity and privacy of customer actions within a complex software system, such as a cloud computing system, is one of the main issues that should be addressed to boost private computation outsourcing. In this paper, we propose a coordination paradigm, namely oblivious assignment with m slots of a resource R (with m ≥ 1), allowing processes to compete in order to get a slot of R, while ensuring at the same time both fairness in the assignment of resource slots and that no process learns which slot of R is assigned to a specific process. We present a distributed algorithm solving oblivious assignment with m slots within a distributed system, assuming (1) a bounded number of crash failures f, (2) the existence of at least f+2 honest processes, and (3) m ≤ n (where n is the number of processes). The algorithm is based on a rotating token paradigm and its correctness is formally proved. A probabilistic analysis of the average waiting time before getting a slot is also provided.

• G. Ateniese, A. Faonio, B. Magri, B. de Medeiros, “Certified Bitcoins”, Applied Cryptography and Network Security. Lecture Notes in Computer Science Volume 8479, 2014, pp 80-96.

Abstract: Bitcoin is a peer-to-peer (p2p) electronic cash system that uses a distributed timestamp service to record transactions in a public ledger (called the Blockchain). A critical component of Bitcoin's success is the decentralized nature of its architecture, which does not require or even support the establishment of trusted authorities. Yet the absence of certification creates obstacles to its wider acceptance in e-commerce and official uses. We propose a certification system for Bitcoin that offers: a) an opt-in guarantee to send and receive bitcoins only to/from certified users; b) control of creation of bitcoins addresses (certified users) by trusted authorities. Our proposal may encourage the adoption of Bitcoin in different scenarios that require an officially recognized currency, such as tax payments, often an integral part of e-commerce transactions.

• Q. Zheng, S. Xu, G. Ateniese, “VABKS: Verifiable attribute-based keyword search over outsourced encrypted data”. In IEEE Conference on Computer Communications, pages 522-530, 2014.

Abstract: It is common nowadays for data owners to outsource their data to the cloud. Since the cloud cannot be fully trusted, the outsourced data should be encrypted. This however brings a range of problems, such as: How should a data owner grant search capabilities to the data users? How can the authorized data users search over a data owner’s outsourced encrypted data? How can the data users be assured that the cloud faithfully executed the search operations on their behalf? Motivated by these questions, we propose a novel cryptographic solution, called verifiable attribute-based keyword search (VABKS). The solution allows a data user, whose credentials satisfy a data owner’s access control policy, to (i) search over the data owner’s outsourced encrypted data, (ii) outsource the tedious search operations to the cloud, and (iii) verify whether the cloud has faithfully executed the search operations. We formally define the security requirements of VABKS and describe a construction that satisfies them. Performance evaluation shows that the proposed schemes are practical and deployable.

• S. Guarino, E. Canlar, M. Conti, R. Di Pietro, A. Solanas, “Provable Storage Medium for Data Storage Outsourcing”. In IEEE Transactions on Services Computing, in press, 2014.

Abstract: In remote storage services, delays in the time to retrieve data can cause economic losses to the data owners. In this paper, we address the problem of properly establishing specific clauses in the Service Level Agreement (SLA), intended to guarantee a short and predictable retrieval time. Based on the rationale that the retrieval time mainly depends on the storage media used at the server side, we introduce the concept of Provable Storage Medium (PSM), to denote the ability of a user to efficiently verify that the provider is complying to this aspect of the SLA. We propose PSM as an extension of Provable Data Possession (PDP): embedding challenge-response PDP schemes with measurements of the response time, both properties can be enforced without any need for the user to locally store nor download her data. We describe a realistic implementation of PSM in a scenario where data should be stored both in RAM and HDD. A thorough analysis shows that, even for relatively small challenges, the total time to compute and deliver the response is sensibly affected by the remarkable difference in the access time of the two supports.

• C. Ardagna, M. Conti, M. Leone, J. Stefa, “Preserving Smartphone Users' Anonymity in Cloudy Days”. In Proceedings of the 3rd International Workshop on Privacy, Security and Trust in Mobile and Wireless Systems (IEEE ICCCN 2013 workshop: IEEE MobiPST 2013), pages 1-5, June 2013.

Abstract: The mobile cloud computing paradigm involves communications between smartphones and their virtual (software) clones in the cloud. It offers both backup/recovery solutions as well as offload of mobile computations, increasing the communication and computation capabilities of smartphones and making their limited batteries last longer. Unfortunately, in this scenario, the privacy of the users is at stake. The cellular network operator knows how often users contact the cloud, and the cloud provider knows how often users’ clones contact each other. We address this privacy problem by providing an anonymous communication protocol, leveraging properties of social networks and ad-hoc wireless networks. Our solution provides anonymous end-to-end communication between two users in the network, and in turn between a user and her clone in the cloud. The proposal copes with an adversary model, where each party observing a portion of the communication (including the cloud provider and the cellular network operator) possibly colludes with others to uncover the identity of communicating users.

• C. Ardagna, M. Conti, M. Leone, J. Stefa, “An Anonymous End-to-End Communication Protocol for Mobile Cloud Environments”. In IEEE Transactions on Services Computing, Volume: 7 Issue: 3, Feb. 2014, pp. 373-386.

Abstract: Today, smartphones can rely on virtual (software) “clones” in the cloud, offering backup/recovery solutions as well as the possibility to offload computations. As a result, clones increase the communication and computation capabilities of smartphones, making their limited batteries last longer. Unfortunately, mobile cloud introduces new privacy risks, since personal information of the communicating users is distributed among several parties (e.g., cellular network operator, cloud provider). In this paper, we propose a solution implementing an end-to-end anonymous communication protocol between two users in the network, which leverages properties of social networks and ad hoc wireless networks. We consider an adversary model where each party observing a portion of the communication possibly colludes with others to uncover the identity of communicating users. We then extensively analyze the security of our protocol and the anonymity preserved against the above adversaries. Most importantly, we assess the performance of our solution by comparing it to Tor on a real testbed of 36 smartphones and relative clones running on Amazon EC2 platform.

• A. Di Florio, N. V. Verde, A. Villani, D. Vitali and L. V. Mancini, “Bypassing Censorship: a proven tool against the recent Internet censorship in Turkey”. In IEEE International Workshop on Reliability and Security Data Analysis (RSDA 2014), Ital, 2014.

Abstract: In this paper, we survey the events related to the Internet censorship that happened in Turkey during the first months of 2014 and we introduce DNSet, an Android app that has been used by Turkish citizens to successfully circumvent the Internet censorship. In particular, DNSet allows mobile users to easily change the DNS server imposed by their 3G/4G providers, without the mobile users having administrative rights on the device (i.e. without rooting the device). We report on data and information that has been anonymously collected through the DNSet application. Furthermore, we raise up the suspicion that a few censorship activities in Turkey began at least a month before the official ban on Twitter.

• M. Ambrosin, M. Conti, P. Gasti, G. Tsudik, “Covert Ephemeral Communication in Named Data Networking”. In Proceedings of the 9th ACM Symposium on Information, Computer and Communications Security (ASIACCS 2014), pages 15-26, June 2014.

Abstract: In recent years, the growing belief that the current IP-based Internet is becoming obsolete prompted several research efforts that aim to design potential next-generation Internet architectures. Named Data Networking (NDN), an instantiation of the content-centric approach, is one such effort. In contrast with their IP counterparts, NDN routers maintain a significant amount of state information. In this paper, we investigate the use of this feature for covert ephemeral communication (CEC). CEC allows two or more parties to covertly exchange ephemeral messages, i.e., messages that become unavailable after a certain amount of time. Our techniques rely only on network-layer services. This makes our protocols robust, and stealthy communication - difficult to detect. We show that users can build high-bandwidth CEC channels by exploiting features unique to NDN: in-network caches, routers' forwarding state and name matching rules. We assess feasibility and performance of identified CEC channels using a local setup and the official NDN testbed.

• Villani, D. Vitali, D. Riboni, C. Bettini, L. V. Mancini, “Obsidian: A Scalable and Efficient Framework for NetFlow Obfuscation”. In the Proc. of the 32nd IEEE International Conference on Computer Communications (INFOCOM 2013).

Abstract: This extended abstract briefly introduces Obsidian, a scalable and efficient Python implementation of the extended version of the (k, j)-obfuscation technique. Obsidian improves the previous version by supporting the incremental obfuscation of network flows. This extension enables the obfuscation of larger datasets of network flows as required by networking research. As such it has been evaluated with billions of flows generated by the border router of a commercial Autonomous System (AS).


• G. Ács, M. Conti, P. Gasti, C. Ghali, G. Tsudik, “Cache Privacy in Name-Data Networking”. In Proceedings of the 33rd International Conference on Distributed Computing Systems (IEEE ICDCS 2013).

Abstract: Content-Centric Networking (CCN) is an alternative to host-centric networking exemplified by today’s Internet. CCN emphasizes content distribution by making content directly addressable. Named-Data Networking (NDN) is an example of CCN being considered as a candidate next-generation Internet architecture. One key NDN feature is router-side content caching that optimizes bandwidth consumption, reduces congestion and provides fast fetching for popular content. Unfortunately, the same feature is also detrimental to privacy of both consumers and producers of content. As we show in this paper, simple and difficult-to-detect timing attacks can exploit NDN routers as “oracles” and allow the adversary to learn whether a nearby consumer recently requested certain content. Similarly, probing attacks that target adjacent content producers can be used to discover whether certain content has been recently fetched. After analyzing the scope and feasibility of such attacks, we propose and evaluate some efficient countermeasures that offer quantifiable privacy guarantees while retaining key features of NDN.

• F. Buccafurri, G. Lax, S. Nicolazzo, A. Nocera, “Accountability-Preserving Anonymous Delivery of Cloud Services”. 12th International Conference on Trust, Privacy & Security in Digital Business (Trustbus'15), Valencia, Spain, 2015.

Cloud computing is an emerging paradigm whose importance both in large and small business is more and more increasing. As one of the reasons motivating the adoption of cloud computing solutions is to alleviate the load of companies related to the solution of security and disaster recovery issues, security is one of the main features to fulfill in a cloud computing system. Moreover, a number of new security and privacy problems arise, such as threats to user's privacy due to the realistic possibility of having honest-but-curious cloud providers. In this scenario, we propose an authentication scheme supporting full anonymity of users and unlinkability of service requests. This is done by combining a multi-party cryptographic protocol with the use of a cooperative P2P-based approach to access services in the cloud. As the solution is thought to be adopted in e-government scenarios, accountability of user accesses is always preserved, to prevent misuse and illegal actions of users.

Cluster: SCADA Protection

Almost all critical industrial infrastructures and processes are managed remotely from central control rooms, using computers and communications networks. These all use various forms of process control and 'supervisory control and data acquisition', known as SCADA technology. Hence, security of SCADA is of paramount importance for the protection of NCIs. This cluster includes all proposals addressing the problem of protecting SCADA systems. The first paper proposes a technique for detecting compromised nodes in a SCADA system that exploits a trust-based strategy derived from the research field on competitive agents. The second paper introduces a trust-based layer in the OSI stack protocol for IP-based WSNs to provide functionalities required to ensure intrusion tolerant routing.

• F. Buccafurri, A. Comi, G. Lax, D. Rosaci. A Trust-based Approach for Detecting Compromised Nodes in SCADA Systems. 11th German Conference, MATES 2013, September 16-20, 2013, Lecture Notes in Computer Science Vol. 8076, pp 222-235.


• F. Buccafurri, L. Coppolino, S. D’Antonio, A. Garofalo, G. Lax, A. Nocera, L. Romano. Trust-Based Intrusion Tolerant Routing in Wireless Sensor Networks. 33rd International Conference, SAFECOMP 2014, September 10-12, 2014, Lecture Notes in Computer Science Vol. 8666, 2014, pp 214-229.

• G. Dini, L. Lopriore. Password systems: design and implementation. Computers & Electrical Engineering. Available online 5 March 2015.

Abstract: Critical infrastructures require protection systems that are both flexible and efficient. Flexibility is essential to capture the multi-organizational and state-based nature of these systems, efficiency is necessary to cope with limitations of hardware resources. To meet these requirements, we consider a classical protection environment featuring subjects that attempt to access the protected objects. We approach the problem of specifying the access privileges held by each subject. Our protection model associates a password system with each object; the password system features a password for each access privilege defined for this object. A subject can access the object if it holds a key matching one of the passwords in the password system, and the access privilege corresponding to this password permits to accomplish the access. Password systems are implemented as hierarchical bidimensional one-way chains. Trade-offs are possible between the memory requirements for storage of a password system and the processing time necessary to validate a key.

Cluster: Wireless Sensor Networks Protection

Cyber-physical systems (CPSs) are building blocks used in several National Critical Infrastructures (NCIs): CPSs, often made of distributed sensors and actuators, are used to continuously monitor the status of the NCI, and possibly react to specific conditions. The networks used to connect all these devices are exposed to attacks which are very specific to their nature (e.g., often involving wireless communications; having computation and energy constraints; being unattended). In this research thread, we aim at providing security mechanisms for such networks. In particular, we focused on the following: (i) Wireless Sensor Networks, providing efficient solutions, possibly employing cryptography, to prevent attacks (ranging from physical to application level) and mitigating their effect. It also includes work looking at the issue of energy consumption; (ii) Vehicular Networks, providing solutions to securely localize moving entities; (iii) providing secure and efficient mechanisms to update a large number of devices, that might be part of the sensing component of NCIs.

• G. Ateniese, G. Bianchi, A. Capossele, C. Petrioli: “Low-cost Standard Signatures in Wireless Sensor Networks: A Case for Reviving Pre-computation Techniques?” In Proceedings of the 20th Annual Network & Distributed System Security Symposium (NDSS 2013).

Abstract: Effective pre-computation techniques have been proposed almost 15 years ago for trimming the cost of modular exponentiations at the basis of several standard signature and key management schemes, such as the (Elliptic Curve) Digital Signature Algorithm or Diffie-Hellman key exchange. Despite their promises, the actual application of such techniques in the wireless sensor security arena has been apparently overlooked, and most of the research effort has rather focused on the identification of alternative lightweight constructions. However, modern sensors are equipped with relatively large flash memories which make memory consumption a less critical requirement, and emerging energy harvesting technologies provide occasional energy peaks which could be exploited for anticipating otherwise costly computational tasks. These trends push for a reconsideration of pre-computation techniques, which are explored in this paper as follows: (1) we further optimize prior pre-computation techniques by exploiting more recent results on Cayley graph expanders, (2) we implement an ECDSA scheme relying on pre-computations over two different wireless sensor node platforms (TelosB and MICA2), and (3) we experimentally assess the relevant performance and energy costs. In the traditional scenario of wireless sensor networks without energy harvesting, our prototype ECDSA implementation, despite still not fully optimized, outperforms prior work by almost 50%, and achieves an efficiency superior to NTRU signatures, natural candidates for low-power devices. Finally, (4) we quantitatively discuss ways to exploit harvested energy peaks to further improve efficiency.

• F. Buccafurri and G. Lax. A Novel Pseudo Random Number Generator based on L'Ecuyer's scheme. Proc. of the 11th International Conference on Security and Cryptography (SECRYPT 2014), August 2014, pp. 321-328.

Abstract: In this paper, we propose a new lightweight L’Ecuyer-based pseudo random number generator (PRNG). We show that our scheme, despite the very simple functions on which it relies, is strongly secure in the sense that our number sequences pass the state-of-the-art randomness tests and, importantly, an accurate and deep security analysis shows that it is resistant to a number of attacks.

• G. Dini and L. Lopriore. "Key propagation in wireless sensor networks." Computers & Electrical Engineering, to appear. Available online 14 March 2014.

Abstract: With reference to a network consisting of sensor nodes connected by wireless links, we approach the problem of the distribution of the cryptographic keys. We present a solution based on communication channels connecting sequences of adjacent nodes. All the nodes in a channel share the same key. This result is obtained by propagating the key connecting the first two nodes to all the other nodes in the channel. The key propagation mechanism is also used for key replacement, as is required, for instance, in group communication to support forms of forward and backward secrecy, when a node leaves a group or a new node is added to an existing group.

• L. Lopriore and G. Dini, Protected pointers in wireless sensor networks. To appear in International Journal of Ad Hoc and Ubiquitous Computing.

Abstract: With reference to a distributed architecture consisting of sensor nodes connected by wireless links in an arbitrary network topology, we consider a segment-oriented implementation of the single address space paradigm of memory reference. In our approach, applications consist of active entities called components, which are distributed in the network nodes. A component accesses a given segment by presenting a handle for this segment. A handle is a form of pointer protected cryptographically. Handles allow an effective implementation of communications between components, and key replacement. The number of messages generated by the execution of the communication primitives is independent of the network size. The key replacement mechanism is well suited to reliable application rekeying over an unreliable network.

• W. B. Jaballah, M. Conti, R. Di Pietro, M. Mosbah, N. V. Verde, “MASS: An Efficient and Secure Broadcast Authentication Scheme for Resource Constrained Devices”. In the Proceedings of the 8th International Conference on Risks and Security of Internet and Systems (CRiSIS 2013).

Abstract: Message authentication for resource constrained devices is a challenging topic. Indeed, given the scarceness of on-board resources, solutions that do not rely on asymmetric key cryptography are in demand. A few solutions to address this issue have been proposed, and some have gained the status of state of the art thanks to their effectiveness and efficiency. However, even if state of the art solutions do provide sender-receiver on-the-fly message authentication, they are not able to tackle a few relevant attacks on received messages when the time dimension is taken into account. In particular, we first introduce two types of attacks: the switch command attack (where an adversary pretends to “switch” two messages over time - that is, altering the relative time ordering), and the drop command attack (where an adversary could pretend not having received a message previously sent from the legitimate sender). We then propose a new solution for broadcast authentication that copes with the above introduced attacks: MASS. Our analysis shows that MASS is effective in detecting both switch command and drop command attacks.

• S. Roy, M. Conti, S. Setia, and S. Jajodia, “Secure Data Aggregation in Wireless Sensor Networks: Filtering out the Attacker's Impact”. In IEEE Transactions on Information Forensics & Security, to appear, 2014.

Abstract: Wireless sensor networks (WSNs) are increasingly used in many applications, such as volcano and fire monitoring, urban sensing, and perimeter surveillance. In a large WSN, in-network data aggregation (i.e., combining partial results at intermediate nodes during message routing) significantly reduces the amount of communication overhead and energy consumption. The research community proposed a loss-resilient aggregation framework called synopsis diffusion, which uses duplicate-insensitive algorithms on top of multipath routing schemes to accurately compute aggregates (e.g., predicate count or sum). However, this aggregation framework does not address the problem of false sub-aggregate values contributed by compromised nodes. This attack may cause large errors in the aggregate computed at the base station, which is the root node in the aggregation hierarchy. In this paper, we make the synopsis diffusion approach secure against the above attack launched by compromised nodes. In particular, we present an algorithm to enable the base station to securely compute predicate count or sum even in the presence of such an attack. Our attack-resilient computation algorithm computes the true aggregate by filtering out the contributions of compromised nodes in the aggregation hierarchy. Extensive analysis and simulation study show that our algorithm outperforms other existing approaches.

• R. Daidone and G. Dini. A performance evaluation method for WSNs security. The Nineteenth IEEE International Symposium on Computers and Communication (ISCC 2014). Madeira (Pt), 23-26 June, 2014.

• R. Daidone, G. Dini, and G. Anastasi. On Evaluating the Performance Impact of the IEEE 802.15.4 Security Sub-layer. Computer Communications, vol. 47, pp. 65-76, July 2014.

Description: Nowadays, wireless sensor networks (WSNs) are used in a wide range of application scenarios ranging from structural monitoring to health-care, from surveillance to industrial automation. Most of these applications require forms of secure communication. On the other hand, security has a cost in terms of reduced performance. We have explored the security-performance trade-off at two layers, namely MAC and application. At the MAC layer, we have investigated the impact of the IEEE 802.15.4 security sub-layer on the WSN performance. Specifically, we have analysed the impact that the standard security mechanisms and options have on the overall WSN performance, in terms of latency, goodput, and energy consumption. To this end, we have developed an analytical model and a security enabled simulator. We have also used a real testbed, based on a complete open-source implementation of the standard, to validate simulation and analytical results. At the application layer, we have devised a method for performance evaluation of a modular security architecture for WSNs. Our method evaluates the costs that have to be paid when introducing security, in terms of memory occupancy, network performance and energy consumption. Knowing these indexes leads to awareness of security costs and helps in fine-tuning of security performance trade-offs. A designer may apply our method to know the impact on performance of the security modules he needs. Also, we present performance data collected by applying our method on the implementation of PLASA, a modular security architecture we have designed and evaluated.

• R. Daidone, G. Dini, and M. Tiloca. A Solution to the GTS-Based Selective Jamming Attack on IEEE 802.15.4 Networks. Wireless Networks, Vol. 20, no. 5, pp. 1223-1235, July, 2014.

• M. Tiloca, D. De Guglielmo, G. Dini and G. Anastasi. SAD-SJ: a Self-Adaptive Decentralized solution against Selective Jamming attack in Wireless Sensor Networks. In Proceedings of the IEEE International Conference on Emerging Technology & Factory Automation (ETFA 2013), Cagliari (Italy), 2013.

• Marco Tiloca, Domenico De Guglielmo, Gianluca Dini, Giuseppe Anastasi, Sajal K. Das. JAMMY: a Distributed and Dynamic Solution to Selective Jamming Attack in TDMA WSNs. To appear in IEEE Transactions on Dependable and Secure Computing.

Description: Selective jamming is a particularly insidious form of Denial of Service in TDMA-based WSNs. In a selective jamming attack, an adversary only jams particular segments of traffic (e.g., the traffic involving a certain device). It follows that by jamming a few slots in every super-frame, the adversary may cause the highest harm (e.g., thwarting the whole communication of a device) while, at the same time, saving energy and limiting his/her activity/visibility in the network. As a consequence, detecting a selective jamming/jammer becomes more difficult. We have devised a countermeasure against selective jamming which randomly allocates slots to devices at each super-frame. By doing so, the attacker is forced to jam at random, unless he/she is willing to give away energy saving and reduced visibility. We have proposed both a centralized and a fully distributed version of the countermeasure. The former has been conceived to be compliant with the IEEE 802.15.4 Guaranteed Time Slot standard.

• L. Lopriore, “Hardware support for memory protection in sensor nodes”, Microprocessors and Microsystems, vol. 38, no. 3 (May 2014), pp. 226–232.

Abstract: With reference to the typical hardware configuration of a sensor node, we present the architecture of a memory protection unit (MPU) designed as a low-complexity addition to the microcontroller. The MPU is aimed at supporting memory protection and the privileged execution mode. It is connected to the system buses, and is seen by the processor as a memory-mapped input/output device. The contents of the internal MPU registers specify the composition of the protection contexts of the running program in terms of access rights for the memory pages. The MPU generates a hardware interrupt to the processor when it detects a protection violation. The proposed MPU architecture is evaluated from a number of salient viewpoints, which include the distribution, review and revocation of access permissions, and the support for important memory protection paradigms, including hierarchical contexts and protection rings.

• G. Bianchi, A. Capossele, C. Petrioli and D. Spenza, “AGREE: exploiting energy harvesting to support data-centric access control in WSNs.” Special Issue on Security, Privacy and Trust Management in the Internet of Things era (SePriT), Elsevier Ad Hoc networks 2013.

Abstract: This work is motivated by a general question: can energy harvesting capabilities embedded in modern sensor nodes be exploited so as to support security mechanisms which otherwise would be too demanding and hardly viable? More specifically, in this work we focus on the support of extremely powerful, but complex, fine-grained data-centric access control mechanisms based on multi-authority Ciphertext Policy Attribute Based Encryption (CP-ABE). By integrating access control policies into the (encrypted) data, such mechanisms do not require any server-based access control infrastructure and are thus highly desirable in many wireless sensor network scenarios. However, as concretely shown by a proof-of-concept implementation first carried out in this paper on TelosB and MicaZ motes, computational complexity and energy toll of state-of-the-art multi-authority CP-ABE schemes is still critical.

• Cammarano, D. Spenza and C. Petrioli, “Energy-harvesting WSNs for structural health monitoring of underground train tunnels.”, In the Workshop proceedings of IEEE INFOCOM 2013.

Abstract: The main goal of this work is to investigate the feasibility of a WSN with energy-harvesting capabilities for structural health monitoring, specifically targeting underground tunnels. To assess the energy availability in a real-life scenario, we instrumented an underground train tunnel in Rome with TelosB motes interfaced with wind micro-turbines, collecting air-flow data for more than a month. The paper analyses the collected data to quantify the energy availability in terms of typical WSN operations, including communication, storage and sensing.

• W. B. Jaballah, M. Conti, M. Mosbah, C. Palazzi, “Secure Verification of Location Claims on a Vehicular Safety Application”, In Proceedings of the 22nd International Conference on Computer Communications and Networks (IEEE ICCCN 2013), pages 1-7, June, 2013.

Abstract: Traffic safety through inter-vehicular communication is one of the most promising and challenging applications of Vehicular Ad-hoc Networks. In this context, information such as position, direction, and speed, is often broadcast by vehicles so as to facilitate fast multi-hop propagation of possible alert messages. Unfortunately, a malicious vehicle can inject bogus information or cheat about its position. In this work, we analyze the impact of a position cheating attack on an alert message application. We show that this weakness we found could be leveraged by an adversary in a very effective way. Furthermore, our analysis leads us to design a countermeasure to this threat. Finally, we run a set of simulations which confirm our findings.

• W. B. Jaballah, M. Conti, M. Mosbah, C. Palazzi, “Fast and Secure Multi-hop Broadcast Solutions for Inter-Vehicular Communication”, In IEEE Transactions on Intelligent Transportation Systems, 15(1):433-450, 2014.

Abstract: Intervehicular communication (IVC) is an important emerging research area that is expected to considerably contribute to traffic safety and efficiency. In this context, many possible IVC applications share the common need for fast multihop message propagation, including information such as position, direction, and speed. However, it is crucial for such a data exchange system to be resilient to security attacks. Conversely, a malicious vehicle might inject incorrect information into the intervehicle wireless links, leading to life and money losses or to any other sort of adversarial selfishness (e.g., traffic redirection for the adversarial benefit). In this paper, we analyze attacks to the state-of-the-art IVC-based safety applications. Furthermore, this analysis leads us to design a fast and secure multihop broadcast algorithm for vehicular communication, which is proved to be resilient to the aforementioned attacks.

• W. B. Jaballah, M. Conti, M. Mosbah, C. Palazzi, “A Secure Alert Messaging System for Safe Driving”, In (Elsevier) Computer Communications, 46:29-42, 2014.

Abstract: Vehicular safety is an emergent application in inter-vehicular communications. As this application is based on fast multi-hop message propagation, including information such as position, direction, and speed, it is crucial for the data exchange system of the vehicular application to be resilient to security attacks. To make vehicular networks viable and acceptable to consumers, we have to design secure protocols that satisfy the requirements of the vehicular safety applications. The contribution of this work is threefold. First, we analyze the vulnerabilities of a representative approach named Fast Multi-hop Algorithm (FMBA) to the position cheating attack. Second, we devise a fast and secure inter-vehicular accident warning protocol which is resilient against the position cheating attack. Finally, an exhaustive simulation study shows the impact of the attack on the protocol FMBA on delaying the transmission of alert messages. Furthermore, we show that our secure solution is effective in mitigating the position cheating attack.

• M. Ambrosin, C. Busold, M. Conti, A. Sadeghi, M. Schunter, “Updaticator: Updating Billions of Devices by an Efficient, Scalable and Secure Software Update Distribution Over Untrusted Cache-enabled Networks”, In Proceedings of the European Symposium on Research in Computer Security (ESORICS 2014), pages 76-93, September 2014.

Abstract: Secure and fast distribution of software updates and patches is essential for improving functionality and security of computer systems. Today, each device downloads updates individually from a software provider distribution server. Unfortunately, this approach does not scale to large systems with billions of devices where the network bandwidth of the server and the local Internet gateway become bottlenecks. Cache-enabled Network (CN) services (either proprietary, as Akamai, or open Content-Distribution Networks) can reduce these bottlenecks. However, they do not offer security guarantees against potentially untrusted CN providers that try to threaten the confidentiality of the updates or the privacy of the users. In this paper, we propose Updaticator, the first protocol for software updates over Cache-enabled Networks that is scalable to billions of concurrent device updates while being secure against malicious networks. We evaluate our proposal considering Named-Data Networking, a novel instance of Cache-enabled overlay Networks. Our analysis and experimental evaluation show that Updaticator removes the bottlenecks of individual device-update distribution, by reducing the network load at the distribution server: from linear in the number of devices to a constant, even if billions of devices are requesting updates. Furthermore, when compared to the state-of-the-art individual device-update mechanisms, the download time with Updaticator is negligible, due to local caching.

• Pericle Perazzo, Kanishka Ariyapala, Mauro Conti and Gianluca Dini. The Verifier Bee: a Path Planner for Drone-Based Secure Location Verification. Proceedings of IEEE International Symposium on a World of Wireless, Mobile and Multimedia Networks (WoWMoM 2015), Boston, MA, June 14-17, 2015.

Abstract. Many dependable systems rely implicitly on the integrity of the positions of their components. For example, let us consider a sensor network for pollution monitoring: it is sufficient that a hostile actor physically moves some sensors to completely disrupt the monitoring. In such scenarios, a key question is: how to securely verify the positions of devices? To answer this question, researchers proposed several solutions. However, these generally require several fixed stations (anchors) with trusted positions. In this paper, we explore the possibility to use the emerging drone technology in order to overcome the limitation of using several fixed anchors. In particular, our approach is to replace all the fixed anchors with a single drone that flies through a sequence of waypoints. At each waypoint, the drone “acts like” an anchor and securely verifies the positions of the devices. The main challenge here is to find a convenient path for the drone to do this. The problem presents novel aspects, thus existing path planning algorithms cannot be used. We present VerifierBee: a path planning algorithm that allows a drone to perform a secure location verification of a set of devices. VerifierBee finds a good approximation of the shortest path, and at the same time it respects a set of requirements about drone controllability, localization precision, and communication range.

Cluster: Mobile Platforms Protection

Personnel involved in the management and protection of National Critical Infrastructures (NCIs) often use mobile devices. Those are used both as devices to access the back-end of the management infrastructure, as well as components of the NCI itself (e.g., thanks to the sensing capabilities of those devices). Preventing unauthorized access to these devices, and the information they contain, is key for the protection of NCIs.

In this research area, we focused in particular on the following: (i) policy enforcement, providing mechanisms to enforce the security requirements specified by authorized entities about the actual behaviour of the devices (which/how applications and information can be accessed); (ii) user authentication, providing novel mechanisms to authenticate the user; (iii) malware detection, in order to prevent malicious applications from running on the device, particularly when that malware is triggered only under some particular circumstances (e.g., when the operator is in the proximity of a NCI).

• B. P.S. Rocha, M. Conti, S. Etalle, B. Crispo, ”Hybrid Static-Runtime Information Flow andDeclassification Enforcement.”, In IEEE Transactions on Information Forensics & Security, vol 8,issue8,p.1027,August2013.

Abstract: There are different paradigms for enforcing information flow and declassification policies. These approaches can be divided into static analyzers and runtime enforcers. Each class has its own strengths and weaknesses, each being able to enforce a different set of policies. In this paper, we introduce a hybrid static-runtime enforcement mechanism that works on unannotated program code and supports information-flow control, as well as declassification policies. Our approach manages to enforce realistic policies, as shown by our three running examples, all within the context of a mobile device application, which cannot be handled separately by static or runtime approaches, and are also not covered by current access control models of mobile platforms such as Android or iOS. We also show that including an intermediate step (called preload check) makes both the static analysis system independent (in terms of security labels) and the runtime enforcer lightweight. Finally, we implement our runtime enforcer and run experiments that show that its overhead is so low that the approach can be rolled out on current mobile systems.

• K. Ariyapala, M. Conti, C. Keppitiyagama, “ContextOS: a Context Aware Operating System for Mobile Devices.”, In Proceedings of the IEEE International Conference on Cyber, Physical and Social Computing (IEEE CPSCom 2013).

Abstract: The Operating System (OS) manages the hardware resources of a computer. For an OS, the knowledge about context is valuable information in optimizing its tasks. Recent mobile devices, such as smart-phones and tablets, are providing new avenues in context aware computing, because of the wide variety of sensors integrated into them. This paper identifies the importance of integrating context awareness at the OS level. In particular, we propose ContextOS, a proof of concept implementation of a context aware OS for mobile devices. We implemented ContextOS in Android. The results of our experiments confirm the feasibility and usability of our solution.

• M. Conti, B. Crispo, E. Fernandes, Y. Zhauniarovich, ”CRêPE: A System for Enforcing Fine-Grained Context-Related Policies on Android.”, IEEE Transactions on Information Forensics and Security 7(5):1426-1438 (2012).

Abstract: Current smartphone systems allow the user to use only marginally contextual information to specify the behavior of the applications: this hinders the wide adoption of this technology to its full potential. In this paper, we fill this gap by proposing CRêPE, a fine-grained Context-Related Policy Enforcement System for Android. While the concept of context-related access control is not new, this is the first work that brings this concept into the smartphone environment. In particular, in our work, a context can be defined by: the status of variables sensed by physical (low level) sensors, like time and location; additional processing on these data via software (high level) sensors; or particular interactions with the users or third parties. CRêPE allows context-related policies to be set (even at runtime) by both the user and authorized third parties locally (via an application) or remotely (via SMS, MMS, Bluetooth, and QR-code). A thorough set of experiments shows that our full implementation of CRêPE has a negligible overhead in terms of energy consumption, time, and storage, making our system ready for a production environment.

• Y. Zhauniarovich, G. Russello, M. Conti, B. Crispo, E. Fernandes, “MOSES: Supporting and Enforcing Security Profiles on Smartphones.”, In IEEE Transactions on Dependable and Secure Computing, 11(3):211-223 (2014).

Abstract: Smartphones are very effective tools for increasing the productivity of business users. With their increasing computational power and storage capacity, smartphones allow end users to perform several tasks and be always updated while on the move. Companies are willing to support employee-owned smartphones because of the increase in productivity of their employees. However, security concerns about data sharing, leakage and loss have hindered the adoption of smartphones for corporate use. In this paper we present MOSES, a policy-based framework for enforcing software isolation of applications and data on the Android platform. In MOSES, it is possible to define distinct Security Profiles within a single smartphone. Each security profile is associated with a set of policies that control the access to applications and data. Profiles are not predefined or hardcoded, they can be specified and applied at any time. One of the main characteristics of MOSES is the dynamic switching from one security profile to another. We run a thorough set of experiments using our full implementation of MOSES. The results of the experiments confirm the feasibility of our proposal.

• K. Majdanik, C. Giuffrida, M. Conti, H. Bos, ”I Sensed It Was You: Authenticating Mobile Users with Sensor-enhanced Keystroke Dynamics.”, In Proceedings of the 11th Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA 2014), July 2014.

Abstract: In this paper, we propose sensor-enhanced keystroke dynamics, a new biometric mechanism to authenticate users typing on mobile devices. The key idea is to characterize the typing behavior of the user via unique sensor features and rely on standard machine learning techniques to perform user authentication. To demonstrate the effectiveness of our approach, we implemented an Android prototype system termed Unagi. Our implementation supports several feature extraction and detection algorithms for evaluation and comparison purposes. Experimental results demonstrate that sensor-enhanced keystroke dynamics can improve the accuracy of recent gesture-based authentication mechanisms (i.e., EER > 0.5%) by one order of magnitude, and the accuracy of traditional keystroke dynamics (i.e., EER > 7%) by two orders of magnitude.

• M. Conti, N. Dragoni, S. Gottardo, ”MITHYS: Mind The Hand You Shake - Protecting mobile devices from SSL usage vulnerabilities.”, In Proceedings of the 9th International Workshop on Security & Trust management (STM 2013).

Abstract: Recent studies have shown that a significant number of mobile applications, often handling sensitive data such as bank accounts and login credentials, suffer from SSL vulnerabilities. Most of the time, these vulnerabilities are due to improper use of the SSL protocol resulting in applications exposed to man-in-the-middle attacks. In this paper, we present MITHYS, a system able to: (i) detect applications vulnerable to man-in-the-middle attacks, and (ii) protect them against these attacks. We demonstrate the feasibility of our proposal by means of a prototype implementation in Android, named MITHYSApp. A thorough set of experiments assesses the validity of our solution in detecting and protecting mobile applications from man-in-the-middle attacks, without introducing significant overheads.

• L. Falsina, Y. Fratantonio, S. Zanero, C. Kruegel, G. Vigna, F. Maggi, ”Secure and Practical Dynamic Code Loading for Android Applications.”, In Proceedings of the 31st Annual Computer Security Applications Conference (ACSAC), December 2015, Los Angeles, CA, USA. (to appear)

Abstract: Android introduced the dynamic code loading (DCL) mechanism to allow for code reuse, to achieve extensibility, to enable updating functionalities or to boost application start-up performance. In spite of its wide adoption by developers, implementing DCL in a secure way is challenging, leading to serious vulnerabilities such as remote code injection. Previous academic and community attempts at solving this problem are unfortunately either impractical or incomplete, or in some cases exhibit vulnerabilities. In this paper, we propose, design, implement and test Grab 'n Run, a novel code verification protocol and a series of supporting libraries, APIs, and components, that address the problem by abstracting away from the developer challenging implementation details. Grab 'n Run is designed to be practical: it is a drop-in library, requires no modifications to the Android framework or the underlying Dalvik/ART runtime, is very similar to the native API and most code can be automatically rewritten to use it. We evaluate Grab 'n Run with a user study, obtaining impressive results in vulnerability reduction, ease of use and speed of development. We also show that the performance overhead introduced by our library is negligible. The library is released as free software.

Cluster: Privacy Protection

The conventional security mindset considers privacy protection outside the scope of NCI protection, since it relates to the life of private citizens. Recent attacks and common working practices have shown that this can be a possible hole attackers often exploit. First, people are known to be the weakest link in the security chain, thus protection of their privacy implicitly increases the security of the infrastructure they use. Second, the boundaries between private and working life are getting blurred, so often, as in the case of USB tokens and mobile phones, the same device has dual use (e.g., the Bring Your Own Device paradigm). Hence, protecting the privacy of users (who might also be operators and administrators of NCIs) is important. This cluster addresses two difficult challenges: i) the privacy of geographical locations, ii) users' privacy on Online Social Networks.

Location

• R. Di Pietro, R. Mandati, N. V. Verde, “Track me if you can: Transparent obfuscation for Location Based Services.”, The Fourteenth International Symposium on a World of Wireless, Mobile and Multimedia Networks (IEEE WoWMoM 2013).

Abstract: Location-based Services (LBSs) require knowledge of the user position in order to provide their services, and in some cases LBSs also track user movements. Although these LBSs offer evident advantages to their users, many privacy concerns are sought when user tracking data are shared with the service provider. A few privacy enhancing solutions exist, for instance based on k-anonymity and encryption techniques. However, these solutions usually degrade service precision, and also require the collaboration of the service provider. In this paper, we propose a solution that is able to obfuscate the user's path to the service provider, while preserving (for the LBS) the capability to compute a few functions--useful for the user--over the obfuscated path. In particular, we provide several contributions: first, we formalize the concept of obfuscation function, and we propose a solution that provides user privacy while allowing users to continue leveraging the services offered by the service provider and we formally prove the robustness of our approach.

• E. S. Canlar, M. Conti, B. Crispo, R. Di Pietro, “CREPUSCOLO: a Collusion Resistant Privacy Preserving Location Verification System.”, In Proceedings of the 8th International Conference on Risks and Security of Internet and Systems (CRiSIS 2013).

Abstract: In location-sensitive applications (e.g. location-based access control, and location-based social networks), users often benefit from being at a certain location. These benefits are incentives for users to cheat about their current location, in order to get unauthorized access to resources and services provided by location-sensitive applications. To deal with this issue, we propose CREPUSCOLO, a collusion resistant and privacy preserving location verification system. In CREPUSCOLO, we use “location-proofs” collected from co-located mobile devices, which can be endorsed by a “token” acquired from a trusted Token Provider. In fact, location-proofs endorsed by tokens provide the resiliency against collusion attacks, because this combination can prove that a certain mobile device was at a certain location at a specific time. CREPUSCOLO also protects the source location privacy by enforcing the usage of periodically changing pseudonyms. Extensive simulations show that CREPUSCOLO is effective in detecting collusion attacks even under very conservative hypothesis. For instance, with just 11 Token Providers spread over a 121 km² area characterized by a very low density of cooperating devices, 90% of collusion attacks are detected.

• P. Ilia, I. Polakis, E. Athanasopoulos, F. Maggi, S. Ioannidis, “Face/Off: Preventing Privacy Leakage From Photos in Social Networks.”, Proceedings of the 2015 ACM SIGSAC Conference on Computer and Communications Security, November 2015, Denver, USA. (to appear)

Online Social Networks

• F. Buccafurri, L. Fotia and G. Lax, “Allowing Privacy-Preserving Analysis of Social Network Likes.” Proc. of PST 2013 - Eleventh International Conference on Privacy, Security and Trust, July, 2013 - IEEE computer society.

Abstract: Social network Likes, as the “Like Button” records of Facebook, can be used to automatically and accurately predict highly sensitive personal attributes. Even though this could be done for non malicious reasons, for example to improve products, services, and targeting, it represents a dangerous invasion of privacy with sometimes intolerable consequences. Anyway, completely defusing the information power of Likes appears improper. In this paper, we propose a mechanism able to keep Likes unlinkable to the identity of their authors, but to allow the user to choose every time she expresses a Like, those non-identifying (even sensitive) attributes she wants to reveal. This way, anonymous analysis relating Likes to various characteristics of the population is preserved, with no risk for users' privacy. The protocol is shown to be secure and also ready to the possible future evolution of social networks towards P2P fully distributed models.

• F. Buccafurri, L. Fotia, G. Lax, “Allowing Non-Identifying Information Disclosure in Citizen Opinion Evaluation”. Proc. of EGOVIS & EDEM 2013 - 2nd Joint International Conference on Electronic Government and the Information Systems Perspective and International Conference on Electronic Democracy, Prague, August, 2013, Springer.

Abstract: The continuous participation of citizens in the decisional processes of the community through the submission of their opinions is a key factor of e-democracy. To do this, it appears very promising the use of lightweight e-voting systems relying on existing social networks, as a good way to solve the trade-off among security, usability and scalability requirements. Among the other security features, anonymity of citizens should be guaranteed, at least to be sure that the action of people is actually free from conditioning. However, the decisional process would be better driven if the opinions of citizens were mapped to social, economic, working, personal, non-identifying attributes. In this paper, by extending a previous solution working on existing social networks, we overcome the above limit by re-interpreting the classical concept of secretness in such a way that a preference expressed by a citizen can be related to a number of (certified) attributes chosen by the citizen herself, yet keeping her anonymity.

• M. Conti, A. Hasani, and B. Crispo, “Virtual Private Social Networks and a Facebook Implementation.” In ACM Transactions on the Web, 2013.

Abstract: The popularity of Social Networking Sites (SNS) is growing rapidly, with the largest sites serving hundreds of millions of users and their private information. The privacy settings of these SNSs do not allow the user to avoid sharing some information (e.g., name and profile picture) with all the other users. Also, no matter the privacy settings, this information is always shared with the SNS (that could sell this information or be hacked). To mitigate these threats, we recently introduced the concept of Virtual Private Social Networks (VPSNs). In this work we propose the first complete architecture and implementation of VPSNs for Facebook. In particular, we address an important problem left unexplored in our previous research—that is the automatic propagation of updated profiles to all the members of the same VPSN. Furthermore, we made an in-depth study on performance and implemented several optimizations to reduce the impact of VPSN on user experience.

• D. Lamanna, F. Bertini, G. Lodi, R. Baldoni, “How to act without being observed: Progressive privacy architecture in desktop-as-a-service.”, International Journal of Computer Systems Science & Engineering. 2013, vol. 28, no 6 (94 p.)

Abstract :Thispaperdescribes thedesign, implementationandexperimentalevaluationofaprogressiveprivacy solution for a DaaS system. Progressive privacy is a privacy preserving model which can beconfigurable(possiblyon-demand)byausernotonlyquantitativelybutratherqualitatively.Theusercandiscriminatewhattypeofinformationmustbepreservedandtowhatextent,accordingtoher/hisdesiredprofilesofprivacy.A lightweightclient-sideproxynamedHedgeProxyhasbeendesignedsuch thatnon-intelligible user contents and non-traceable user actions are guaranteed by enabling homomorphicencryption, oblivious transfer and query obfuscation schemes in the proxy. The paper also proposes animplementationandevaluationoftheHedgeProxybasedonaspecificDaaSenvironmentdevelopedattheUniversityofRomeandcalledVirtualDistroDispatcher(VDD).Resultsofsuchevaluationarediscussedand

Page 21: Critical Infrastructure Protection: Security Solutions and ...tenace/download/deliverable/WP4-Deliverable4b... · Critical Infrastructure Protection: Security Solutions and Attacks

aim at assessing the performances experienced by users of VDD against the progressive privacyachievementsthatcanbeobtained.

• G. Cascavilla, A. Burattin, M. Conti, “SocialSpy: Browsing (Supposedly) Hidden Information in Online Social Networks”, In Proceedings of the 9th International Conference on Risks and Security of Internet and Systems (CRiSIS 2014), in press, August 2014.

Abstract: In this paper, we highlight this problem focusing on one of the most popular social networks, Facebook. In particular, we show how easy it is to retrieve information that a user might have set as (and hence thought as) "private". As a case study, we focus on retrieving the list of friends for users that did set this information as "hidden" (to non-friends). We propose four different strategies to achieve this goal, and we evaluate them. The results of our thorough experiments show the feasibility of our strategies as well as their effectiveness: our approach is able to retrieve a significant percentage of the names of the "hidden" friends: i.e., some 25% on average, and more than 70% for some users.

• F. Beato, M. Conti, B. Preneel, Dario Vettore, “VirtualFriendship: Hiding interactions on Online Social Networks”, In Proceedings of the IEEE Conference on Communications and Network Security (IEEE CNS 2014), in press, October 2014.

Abstract: With the increasing concern that users have about privacy, most social networks offer ways to control the privacy of the user. Unfortunately, current privacy settings are not as effective as users might think. In this paper, we highlight this problem focusing on one of the most popular social networks, Facebook. In particular, we show how easy it is to retrieve information that a user might have set as (and hence thought as) "private". As a case study, we focus on retrieving the list of friends for users that did set this information as "hidden" (to non-friends). We propose four different strategies to achieve this goal, and we evaluate them.

• Filipe Beato, Mauro Conti, Bart Preneel. Friend in the Middle (FiM): Tackling Social Networks De-Anonymization. In Proceedings of the 5th IEEE International Workshop on SECurity and SOCial Networking 2013 (IEEE SESOC 2013, workshop of PerCom 2013), pages 279-284, March 1 2013.

Abstract: With the large growth of Online Social Networks (OSNs), several privacy threats have been highlighted, as well as solutions to mitigate them. Most solutions focus on restricting the visibility of users information. However, OSNs also represent a threat for contextual information, such as the OSN structure and how users communicate among each other. Recently proposed deanonymization techniques proved to be effective in re-identifying users in anonymized social network. In this paper, we present Friend in the Middle (FiM): a novel approach to make OSNs more resilient against de-anonymization techniques. Additionally we evaluate and demonstrate throughout experimental results the feasibility and effectiveness of our proposal.

• Pericle Perazzo and Gianluca Dini. A Uniformity-Based Approach to Location Privacy. Computer Communications, vol. 64, pp. 21-32, Elsevier, 15 June 2015.

Abstract. As location-based services emerge, many people feel exposed to high privacy threats. Privacy protection is a major challenge for such services and related applications. A simple approach is perturbation, which adds an artificial noise to positions and returns an obfuscated measurement to the requester. Our main finding is that, unless the noise is chosen properly, these methods do not withstand attacks based on statistical analysis. In this paper, we propose UNILO, an obfuscation operator which offers high assurances on obfuscation uniformity, even in case of imprecise location measurement. We also deal with service differentiation by proposing three UNILO-based obfuscation algorithms that offer multiple contemporaneous levels of privacy. Finally, we experimentally prove the superiority of the proposed algorithms compared to the state-of-the-art solutions, both in terms of utility and resistance against inference attacks.

• Pericle Perazzo, Pavel Skvortsov and Gianluca Dini. On Designing Resilient Location-Privacy Obfuscators. To appear in The Computer Journal (published online February 11, 2015, doi:10.1093/comjnl/bxv009).

Abstract. The success of location-based services is growing together with the diffusion of GPS-equipped smart devices. As a consequence, privacy concerns are raising year by year. Location privacy is becoming a major interest in research and industry world, and many solutions have been proposed for it. One of the simplest and most flexible approaches is obfuscation, in which the precision of location data is artificially degraded before disclosing it. In this paper, we present an obfuscation approach capable of dealing with measurement imprecision, multiple levels of privacy, untrusted servers and adversarial knowledge of the map. We estimate its resistance against statistical-based de-obfuscation attacks, and we improve it by means of three techniques, namely extreme vectors, enlarge-and-scale and hybrid vectors.

• F. Buccafurri, L. Fotia, G. Lax, V. Saraswat, Analysis-Preserving Protection of User Privacy against Information Leakage of Social-Network Likes, Information Sciences, Elsevier (2015) – to appear.

Recent scientific results have shown that social network Likes, such as the “Like Button” records of Facebook, can be used to automatically and accurately predict even highly sensitive personal attributes. Although this could be the goal of a number of non-malicious activities, to improve products, services, and targeting, it represents a dangerous invasion of privacy with possible intolerable consequences. However, completely defusing the information power of Likes appears improper. In this paper, we propose a protocol able to keep Likes unlinkable to the identity of their authors, in such a way that the user may choose every time she expresses a Like, those non-identifying (even sensitive) attributes she wants to reveal. This way, analysis anonymously relating Likes to various characteristics of people is preserved, with no risk for users’ privacy. The protocol is shown to be secure and also ready to the possible future evolution of social networks towards P2P fully distributed models.

Cluster: Black Markets and New Methodology for Vulnerability Assessment and Mitigation

Understanding the enemy and the dynamics that regulate cybercrime can be useful to design and draft security policies and adopt security mechanisms that are effective and efficient. This cluster includes research trying to do that. It includes experimental work related to the study and analysis of black markets, used to trade exploit-kits. It also includes research on the methodology used to assess the risk associated to reported computer vulnerabilities and attacks and the strategies to mitigate them.

• L. Allodi, “Attacker economics for internet-scale vulnerability risk assessment”. In the Proc. of the 6th USENIX Workshop on Large-Scale Exploits and Emergent Threats. 2013.

Abstract: Vulnerability risk assessment is a crucial process in security management, and the CVSS score is the standard-de-facto risk metric for software vulnerabilities. This paper shows that current risk assessment methodologies do not fit real "in the wild" attack data. Further, it presents a three-steps plan to identify an Internet-scale risk assessment methodology that accounts for attacker economics and opportunities. Final aim is a methodology that can provide answers like the following: "If we deploy this security measure, the fraction of our users affected by this type of cyber attacks will be less than X%".

• L. Allodi, S. Woohyun, and F. Massacci, “Quantitative assessment of risk reduction with cybercrime black market monitoring”. In Proceedings of the 2013 IEEE SS&P International Workshop on Cyber Crime. 2013

Abstract: Cybercrime is notoriously maintained and empowered by the underground economy, manifested in black markets. In such markets, attack tools and vulnerability exploits are constantly traded. In this paper, we focus on making a quantitative assessment of the risk of attacks coming from such markets, and investigating the expected reduction in overall attacks against final users if, for example, vulnerabilities traded in the black markets were all to be promptly patched. In order to conduct the analysis, we mainly use the data on (a) vulnerabilities bundled in 90+ attack tools traded in the black markets collected by us; (b) actual records of 9x10^7 attacks collected from Symantec's Data Sharing Programme WINE. Our results illustrate that black market vulnerabilities are an important source of risk for the population of users; we further show that vulnerability mitigation strategies based on black markets monitoring may outperform traditional strategies based on vulnerability CVSS scores by providing up to 20% more expected reduction in attacks.

• L. Allodi, and F. Massacci, “How cvss is dossing your patching policy (and wasting your money)”. BlackHat USA 2013 arXiv:1301.1275 [cs.CR], 2013

Abstract: CVSS score is widely used as the standard-de-facto risk metric for vulnerabilities, to the point that the US Government itself encourages organizations in using it to prioritize vulnerability patching. We tackle this approach by testing the CVSS score in terms of its efficacy as a "risk score" and "prioritization metric." We test the CVSS against real attack data and as a result, we show that the overall picture is not satisfactory: the (lower-bound) over-investment by using CVSS to choose what vulnerabilities to patch can be as high as 300% of an optimal one. We extend the analysis making sure to obtain statistically significant results.

• L. Allodi and F. Massacci. “Comparing vulnerability severity and exploits using case-control studies”. ACM Transactions on Information and System Security, 17(1):1:1–1:20, 2014.

Abstract: (U.S.) Rule-based policies for mitigating software risk suggest using the CVSS score to measure the risk of an individual vulnerability and act accordingly. A key issue is whether the ‘danger’ score does actually match the risk of exploitation in the wild, and if and how such a score could be improved. To address this question, we propose using a case-control study methodology similar to the procedure used to link lung cancer and smoking in the 1950s. The methodology allows us to quantify the risk reduction achievable by acting on the risk factor. We illustrate the methodology by using publicly available data on vulnerabilities, exploits, and exploits in the wild to (1) evaluate the performances of the current risk factor in the industry, the CVSS base score; (2) determine whether it can be improved by considering additional factors such as the existence of a proof-of-concept exploit, or of an exploit in the black markets. Our analysis reveals that (a) fixing a vulnerability just because it was assigned a high CVSS score is equivalent to randomly picking vulnerabilities to fix; (b) the existence of proof-of-concept exploits is a significantly better risk factor; (c) fixing in response to exploit presence in black markets yields the largest risk reduction.

• L. Allodi and F. Massacci, “Tutorial: Effective security management: using case control studies to measure vulnerability risk”. Presented at the 25th IEEE International Symposium on Software Reliability Engineering (2014).

Tutorial on how to apply the methodology.

• F. Massacci and V. H. Nguyen. “An Empirical Methodology to Evaluate Vulnerability Discovery Models” Transaction of Software Engineering 40(12), 1147-1162.

Abstract: Vulnerability Discovery Models (VDMs) operate on known vulnerability data to estimate the total number of vulnerabilities that will be reported after a software is released. VDMs have been proposed by industry and academia, but there is no systematically independent evaluation by researchers who are not model proponents. Moreover, the traditional evaluation methodology has some issues that biased previous studies in the field. In this work we propose an empirical methodology that systematically evaluates the performance of VDMs along two dimensions (quality and predictability) and addresses all identified issues of the traditional methodology. We conduct an experiment to evaluate most existing VDMs on popular web browsers’ vulnerability data. Our comparison shows that the results obtained by the proposed methodology are more informative than those by the traditional methodology. Among the evaluated VDMs, the simplest linear model is the most appropriate choice in terms of both quality and predictability for the first 6–12 months since a release date. Otherwise, logistics-based models are better choices.

• V. H. Nguyen, S. Dashevskyi, and F. Massacci. An automatic method for assessing the versions affected by a vulnerability. Empirical Software Engineering, pp 1-30, 2015.

Abstract: Vulnerability data sources are used by academics to build models, and by industry and government to assess compliance. Errors in such data sources therefore not only are threats to validity in scientific studies, but also might cause organizations, which rely on retro versions of software, to lose compliance. In this work, we propose an automated method to determine the code evidence for the presence of vulnerabilities in retro software versions. The method scans the code base of each retro version of software for the code evidence to determine whether a retro version is vulnerable or not. It identifies the lines of code that were changed to fix vulnerabilities. If an earlier version contains these deleted lines, it is highly likely that this version is vulnerable. To show the scalability of the method we performed a large scale experiments on Chrome and Firefox (spanning 7,236 vulnerable files and approximately 9,800 vulnerabilities) on the National Vulnerability Database (NVD). The elimination of spurious vulnerability claims (e.g. entries to a vulnerability database such as NVD) found by our method may change the conclusions of studies on the prevalence of foundational vulnerabilities.

• Allodi, Luca, Marco Corradin, and Fabio Massacci. "Then and now: on the maturity of the cybercrime markets (The lesson that black-hat marketeers learned)." (2015).

Abstract: Cybercrime activities are supported by infrastructures and services originating from an underground economy. The current understanding of this phenomenon is that the cybercrime economy ought to be fraught with information asymmetry and adverse selection problems. They should make the effects that we observe every day impossible to sustain. In this paper we show that the market structure and design used by cyber criminals have evolved towards a market design that is similar to legitimate, thriving, on-line forum markets such as eBay. We illustrate this evolution by comparing the ‘market regulatory mechanisms’ of two underground forum markets: a failed market for credit cards and other illegal goods and another, extremely active marketplace for vulnerabilities, exploits, and cyber attacks in general. The comparison shows that cybercrime markets evolved from unruly, ‘scam for scammers’ market mechanisms to mature, regulated mechanisms that greatly favors trade efficiency.

• L. Allodi. “The Heavy Tails of Vulnerability Exploitation” In Engineering Secure Software and Systems, pp. 133-148. Springer International Publishing, 2015.

Abstract: In this paper we analyse the frequency at which vulnerabilities are exploited in the wild by relying on data collected worldwide by Symantec’s sensors. Our analysis comprises 374 exploited vulnerabilities for a total of 75.7 Million recorded attacks spanning three years (2009-2012). We find that for some software as little as 5% of exploited vulnerabilities is responsible for about 95% of the attacks against that platform. This strongly skewed distribution is consistent for all considered software categories, for which a general take-away is that less than 10% of vulnerabilities account for more than 90% of the attacks (with the exception of pre-2009 Java vulnerabilities). Following these findings, we hypothesise vulnerability exploitation may follow a Power Law distribution. Rigorous hypothesis testing results in neither accepting nor rejecting the Power Law Hypothesis, for which further data collection from the security community may be needed. Finally, we present and discuss the Law of the Work-Averse Attacker as a possible explanation for the heavy-tailed distributions we find in the data, and present examples of its effects for Apple Quicktime and Microsoft Internet Explorer vulnerabilities.

• L. Allodi, F. Massacci. "The work-averse attacker model." In the Proceedings of the 2015 European Conference on Information Systems (ECIS). 2015.

Abstract: In this paper we present and validate a novel attacker model based on the economic notion that the attacker has limited resources to forge a new attack. We focus on the vulnerability exploitation case, whereby the attacker has to choose whether to exploit a new vulnerability or keep an old one. We postulate that most vulnerabilities remain unattacked, and that the exploit development cycle relates to software updates rather than to the disclosure of new vulnerabilities. We develop a simple mathematical model to show the mechanisms underlying our observations and name it “The Work-Averse Attacker Model”. We then leverage Symantec’s data sharing platform WINE to validate our model by analysing records of attacks against more than 1M real systems. We find the ‘Model of the Work-Averse Attacker’ to be strongly supported by the data and, in particular, that: (a) the great majority of attacks per software version is driven by one vulnerability only; (b) an exploit lives two years before being substituted by a new one; (c) the exploit arrival rate depends on the software’s update rate rather than on time or knowledge of the vulnerability.

Cluster: Attacks

To be able to design effective and efficient security solutions aiming at preventing attacks, security practitioners and researchers must have an in-depth knowledge of such attacks. It’s also important to investigate and explore new methods and attack techniques as well as new attack vectors that can target specifically NCIs. This cluster addresses this issue, proposing i) new attack techniques to existing network and communication infrastructures and ii) new attack vectors.

• M. Conti, R. Di Pietro, and A. Spognardi, “CloneWars: Distributed Detection of Clone Attack in Mobile WSNs.”, In (Elsevier) Journal of Computer and System Sciences, Volume 80, Issue 3, May 2014, Pages 654–669.

Abstract: Among security challenges raised by mobile Wireless Sensor Networks, clone attack is particularly dreadful since it makes an adversary able to subvert the behavior of a network just leveraging a few replicas of some previously compromised sensors. In this work, we provide several contributions: first, we introduce two novel realistic adversary models, the vanishing and the persistent adversary, characterized by different compromising capability. We then propose two distributed, efficient, and cooperative protocols to detect replicas: History Information-exchange Protocol (HIP) and its optimized version (HOP). Both HIP and HOP leverage just local (one-hop) communications and node mobility, and differ for the amount of computation required. We study their behavior against the introduced types of attacker, considering two different mobility models and comparing our solutions against the state of the art. Both analysis and simulation results show that our solutions are effective and efficient, providing high detection rate, while incurring limited overhead.

• L. Taponecco, P. Perazzo, A. D'Amico, G. Dini, “On the Feasibility of Overshadow Enlargement Attack on IEEE 802.15.4a Distance Bounding.” Communications Letters, IEEE, vol. PP, no. 99, pp. 1,4, 2014

Abstract: Distance-bounding protocols are able to measure a secure upper bound to the distance between two devices. They are designed to resist to reduction attacks, whose objective is reducing the measured distance. In this paper we focus on the opposite problem, the enlargement attack, which is aimed at enlarging the measured distance. We analyze the feasibility of enlargement attacks through overshadow strategies on 802.15.4a UWB distance-bounding protocols. We show that the overshadow strategies, generally considered feasible by the existing literature, are actually difficult to carry out. Depending on the delay introduced by the adversary, there are cases in which they have no effect or their effect is not controllable.

• Pericle Perazzo and Gianluca Dini. Secure Positioning with Non-Ideal Distance Bounding Protocols. Proceedings of the Twentieth IEEE Symposium on Computers and Communications (ISCC 2015), Larnaca (Cyprus), 6-9 July, 2015.

Abstract. Distance bounding protocols are secure protocols to determine an upper bound to the distance between two devices. These protocols have shown to be useful for many tasks, from proximity verification to secure positioning. Unfortunately, real distance bounding protocols hardly fulfill the claimed property. Attacks at the PHY layer may cause significant reductions on the estimated upper bound. These attacks can be mitigated, not eliminated, by changing the receiver architecture and the PHY layer. Every distance bounding protocol is thus non-ideal. In this paper, we study the impact of non-ideal distance bounding on the reliability of secure positioning techniques. We show that a reduction of 10 meters, which is possible against a real PHY layer, allows the adversary to falsify a position of 21 meters. We also propose two countermeasures to mitigate the problem, and then estimate their efficacy by simulations.

• N. V. Verde, G. Ateniese, E. Gabrielli, L. V. Mancini, A. Spognardi, “No NAT’d User left Behind: Fingerprinting Users behind NAT from NetFlow Records alone”, ICDCS'14

Abstract: It is generally recognized that the traffic generated by an individual connected to a network acts as his biometric signature. Several tools exploit this fact to fingerprint and monitor users. Often, though, these tools assume to access the entire traffic, including IP addresses and payloads. This is not feasible on the grounds that both performance and privacy would be negatively affected. In reality, most ISPs convert user traffic into NetFlow records for a concise representation that does not include, for instance, any payloads. More importantly, large and distributed networks are usually NAT'd, thus a few IP addresses may be associated to thousands of users. We devised a new fingerprinting framework that overcomes these hurdles. Our system is able to analyze a huge amount of network traffic represented as NetFlows, with the intent to track people. It does so by accurately inferring when users are connected to the network and which IP addresses they are using, even though thousands of users are hidden behind NAT. Our prototype implementation was deployed and tested within an existing large metropolitan WiFi network serving about 200,000 users, with an average load of more than 1,000 users simultaneously connected behind 2 NAT'd IP addresses only. Our solution turned out to be very effective, with an accuracy greater than 90%. We also devised new tools and refined existing ones that may be applied to other contexts related to NetFlow analysis.

• L. Aniello, R. Baldoni, C. Ciccotelli, G. Antonio Di Luna, F. Frontali, L. Querzoni, “The Overlay Scan Attack: Inferring Topologies of Distributed Pub/Sub Systems through Broker Saturation.”, to appear in Proceedings of the 8th ACM International Conference on Distributed Event-Based Systems (DEBS), 2014.

Abstract: While pub/sub communication middleware has become main-stream in many application domains, little has been done to assess its weaknesses from a security standpoint. Complex attacks are usually planned by attackers by carefully analyzing the victim to identify those systems that, if successfully targeted, could provide the most effective result. In this paper we show that some pub/sub middleware are inherently vulnerable to a specific kind of preparatory attack, namely the Overlay Scan Attack, that a malicious user could exploit to infer the internal topology of a system, a sensible information that could be used to plan future attacks. The topology inference is performed by only using the standard primitives provided by the pub/sub middleware and assuming minimal knowledge on the target system. The practicality of this attack has been shown both in a simulated environment and through a test performed on a SIENA pub/sub deployment.

• E. Fernandes, B. Crispo, and M. Conti, “FM 99.9, Radio Virus: Exploiting FM Radio Broadcasts for Malware Deployment”, In IEEE Transactions on Information Forensics & Security, Vol. 8, issue 6, p. 1027, June 2013.

Abstract: Many modern smartphones and car radios are shipped with embedded FM radio receiver chips. While the main goal of embedding these chips is to provide access to traditional FM radio stations, a side effect is the availability of a data channel, the FM Radio Data System (RDS), which connects all these devices. Different from other existing IP-based data channels among portable devices, this new one is open, broadcast in nature, and so far completely ignored by security providers. This paper illustrates for the first time how to exploit the FM RDS protocol as an attack vector to deploy malware that, when executed, gains full control of the victim's device. We show how this attack vector allows the adversary to deploy malware on different platforms. Furthermore, we have shown the infection is undetected on devices running the Android OS, since malware detection solutions are limited in their ability due to some features of the Android security model. We support our claims by implementing an attack using RDS on different devices available on the market (smartphones, car radios, and tablets) running three different versions of Android OS.

Conclusions and upcoming developments

This deliverable presents the work done within TENACE about solutions aiming at preventing attacks. While prevention alone is not sufficient, it is necessary not only to block or deter attacks but also in order to specify which security, trust and privacy properties the target system must implement and how. These properties are well known and have been studied for years; however, implementing them in the domain of National Critical Infrastructure is a new and open challenge, as described by many of the papers included in this deliverable. The specificity of each area of application and underlying technology is reflected in the structure of the deliverable, organized in research clusters. These are: Internet and Cloud, SCADA, Mobile Platforms, Wireless Sensors Networks and Privacy. To be able to protect systems against an enemy and design effective defenses, security experts need also to learn about attackers and attacks, how they act and what is the rationale and the dynamics regulating their actions. Hence, the deliverable includes also two research clusters addressing these aspects.

Upcoming developments – Data Sharing and Privacy

Sharing information among multiple parties has already been proven to be promising in different fields [3][6][2][4][5]. In all these articles, information sharing allows to have larger data sets and, hence, perform more accurate statistical analyses and data mining tasks. However, when information is shared, privacy of contributing parties needs to be preserved. In order to make this possible, we propose a novel solution based on a probabilistic data structure, widely used in the field of stream processing: the count-min sketch [1].

Count-min sketches have three desirable properties which guarantee a tunable level of privacy: (i) implicit representation, (ii) deniability of queries, and (iii) uncertainty of results. The proposed approach is applicable any time the system benefits from the cooperation of its parties, and manages sensitive numerical data, representable as key-value pairs, that participants exchange. Evaluations have been conducted on a malware detection framework, named AMICO [7].

AMICO relies on a provenance classifier to learn the download behavior of network users and, hence, detect malware downloads in live web traffic. One of its major drawbacks is that it needs a large enough amount of labeled instances to be used as ground truth to train the classifier. In a small network, the system could take months before it is able to correctly classify malware threats, leaving the network vulnerable to attacks. Nevertheless, in a collaborative environment, parties having their provenance classifier trained could share information they own with other parties that have just joined the environment. Since this would raise several privacy concerns related to the data exchanged, in the proposed solution, information is shared in privacy-preserving fashion through count-min sketches.

Results show that the error introduced does not strongly alter the malware detector's process of deciding if a downloaded file is malware or not. However, they reveal that the classification false negative rate is more affected than the false positive one, meaning that errors in the sketches may cause a malware to be undetected rather than raise a false alarm for a downloaded benign file.

Concluding, the overall results obtained prove that classification is resistant against introduction of a tailored noise within data. This demonstrates how count-min sketches can be a valid solution for privacy preservation, offering a trade-off between the protection of the information and the data utility. As final contribution, personalization, recommender and fraud monitoring systems have been further identified as target scenarios in which count-min sketches can be applied to preserve parties’ privacy.
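The three properties named above (implicit representation, deniability of queries, uncertainty of results) can be observed on a small count-min sketch that two parties build separately and then merge. This is an added example, not code from the deliverable or from AMICO; the shared salt, the SHA-256 row hashes and the per-domain counts are assumptions made for illustration.

```python
import hashlib
import math


def dimensions(epsilon, delta):
    """Width and depth giving estimate <= true + epsilon*N with probability >= 1 - delta."""
    return math.ceil(math.e / epsilon), math.ceil(math.log(1 / delta))


class CountMinSketch:
    """depth x width table of counters; keys are hashed, never stored."""

    def __init__(self, width, depth, salt=b"consortium-salt"):  # salt: assumed shared value
        self.width, self.depth, self.salt = width, depth, salt
        self.table = [[0] * width for _ in range(depth)]
        self.total = 0  # N, the sum of all counts added

    def _cells(self, key):
        # One hash function per row, derived from SHA-256 over salt, row index and key.
        for row in range(self.depth):
            digest = hashlib.sha256(self.salt + bytes([row]) + key.encode()).digest()
            yield row, int.from_bytes(digest[:8], "big") % self.width

    def add(self, key, count=1):
        for row, col in self._cells(key):
            self.table[row][col] += count
        self.total += count

    def estimate(self, key):
        # Collisions only add to a counter, so the row minimum never under-counts.
        return min(self.table[row][col] for row, col in self._cells(key))

    def merge(self, other):
        """Cell-wise sum: what a party holds after receiving another party's sketch."""
        if (self.width, self.depth, self.salt) != (other.width, other.depth, other.salt):
            raise ValueError("sketches must share width, depth and salt")
        merged = CountMinSketch(self.width, self.depth, self.salt)
        merged.table = [[a + b for a, b in zip(mine, theirs)]
                        for mine, theirs in zip(self.table, other.table)]
        merged.total = self.total + other.total
        return merged


# Constructed sample data: per-domain counts of flagged downloads at two parties.
PARTY_A = {"dl.example.net": 40, "cdn.example.org": 3, "files.example.com": 1}
PARTY_B = {"dl.example.net": 25, "mirror.example.edu": 7}


def build(counts, width, depth):
    sketch = CountMinSketch(width, depth)
    for key, value in counts.items():
        sketch.add(key, value)
    return sketch


def shared_view(epsilon=0.001, delta=0.01):
    """Merged sketch: only counter tables cross the organisational boundary."""
    width, depth = dimensions(epsilon, delta)
    return build(PARTY_A, width, depth).merge(build(PARTY_B, width, depth))


def crowded_sketch(n_keys=200, width=4, depth=2):
    """Deliberately undersized sketch: every counter is hit, so any key looks 'seen'."""
    sketch = CountMinSketch(width, depth)
    for i in range(n_keys):
        sketch.add(f"host-{i}.example.net")
    return sketch


if __name__ == "__main__":
    view = shared_view()
    print("table shape:", view.depth, "x", view.width, "total:", view.total)
    print("dl.example.net estimate:", view.estimate("dl.example.net"))
    print("unseen key, crowded sketch:", crowded_sketch().estimate("never-seen.example.net"))
```

The table width is the tuning knob: a narrower table produces more collisions, which increases both the deniability of any single answer and the over-estimate the receiving classifier has to tolerate.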


REFERENCES

[1] G. Cormode and S. Muthukrishnan. Approximating data with the count-min sketch. Software, IEEE, 29(1):64–69, 2012.

[2] Daniel Gallego and Gabriel Huecas. An empirical case of a context-aware mobile recommender system in a banking environment. In MUSIC, pages 13–20. IEEE, 2012.

[3] Aris Gkoulalas-Divanis, Grigorios Loukides, and Jimeng Sun. Publishing data from electronic health records while preserving privacy: A survey of algorithms. Journal of Biomedical Informatics, 50:4–19, 2014.

[4] A. J. P. Jeckmans, M. R. T. Beye, Z. Erkin, P. H. Hartel, R. L. Lagendijk, and Q. Tang. Privacy in recommender systems. In Social Media Retrieval, Computer Communications and Networks, pages 263–281. Springer Verlag, London, January 2013.

[5] Bingdong Li, Jeff Springer, George Bebis, and Mehmet Hadi Gunes. A survey of network flow applications. Journal of Network and Computer Applications, 36(2):567–581, 2013.

[6] Eran Toch, Yang Wang, and Lorrie Faith Cranor. Personalization and privacy: A survey of privacy risks and remedies in personalization-based systems. User Modeling and User-Adapted Interaction, 22(1-2):203–220, April 2012.

[7] Phani Vadrevu, Babak Rahbarinia, Roberto Perdisci, Kang Li, and Manos Antonakakis. Measuring and detecting malware downloads in live network traffic. In Computer Security - ESORICS 2013, pages 556–573. Springer Berlin Heidelberg, 2013.

Upcoming developments – Collaborative Malware Detection

Malware campaigns are continuously increasing and evolving, keeping up with relatively new services and technologies such as social networks and smartphones. Malware campaigns affect the e-mail world, web downloads, social networks and mobile devices. Since 2013, Trend Micro reports that the majority of targeted attack victims are various government agencies, including telecommunication firms, Internet service providers, and software companies [1].

Recently, many research works have been published aiming at identifying malware campaigns [6][4][5][3][2]. Such detection techniques rely on the fact that the incidents caused by campaigns have the same objective and employ the same dissemination strategy [3]. Based on the contribution provided in the Privacy Protection cluster, we propose to leverage information sharing through count-min sketches to detect malware campaigns that attack multiple organizations.

In order to provide a concrete example, we consider AMICO [5], a malware detection framework for detecting malware downloads in live web traffic. It relies on a provenance classifier that, after being trained, is able to accurately detect future malware downloads based on their statistical provenance features. The latter have been engineered to make it impossible for an attacker to evade the majority of the provenance features extracted from downloaded files. For this reason, AMICO can detect malware distribution campaigns, even if they use an agile dissemination infrastructure.

Our proposal is, therefore, to take into account a collaboration environment constituted by multiple instances of AMICO, each one owned by different organizations and/or companies. In this way, parties can exchange statistical provenance features, in privacy-preserving fashion, allowing them to possibly identify new malware already detected by other parties. In addition, as soon as a party detects a malware campaign, it can timely share information with the other participants to let their classifiers be able to recognize immediately such threat. Finally, data related to the campaigns can be subsequently used to feed cyber threat intelligence tools in order to infer attributions to physical world cyber actors and correlations to other threats.

REFERENCES

[1] 2nd quarter report on targeted attack campaigns. Technical report, 2013.

[2] Mamoun Alazab and Roderic Broadhurst. Spam and criminal activity. Trends and Issues (Australian Institute of Criminology), Forthcoming, 2015.

[3] Michał Kruczkowski, Ewa Niewiadomska-Szynkiewicz, and Adam Kozakiewicz. Fp-tree and svm for malicious web campaign detection. In Ngoc Thanh Nguyen, Bogdan Trawiński, and Raymond Kosala, editors, Intelligent Information and Database Systems, volume 9012 of Lecture Notes in Computer Science, pages 193–201. Springer International Publishing, 2015.

[4] C. Miles, A. Lakhotia, C. LeDoux, A. Newsom, and V. Notani. Virusbattle: State-of-the-art malware analysis for better cyber threat intelligence. In Resilient Control Systems (ISRCS), 2014 7th International Symposium on, pages 1–6, Aug 2014.

[5] Phani Vadrevu, Babak Rahbarinia, Roberto Perdisci, Kang Li, and Manos Antonakakis. Measuring and detecting malware downloads in live network traffic. In Computer Security - ESORICS 2013, pages 556–573. Springer Berlin Heidelberg, 2013.

[6] Jialong Zhang, Sabyasachi Saha, Guofei Gu, Sung-Ju Lee, and Marco Mellia. Systematic mining of associated server herds for malware campaign discovery. In 35th IEEE International Conference on Distributed Computing Systems, ICDCS 2015, Columbus, OH, USA, June 29 - July 2, 2015, pages 630–641, 2015.

