Örebro University Publications
Publications (10 of 27)
Zhu, Y., Chen, Z., Yan, Q., Wang, S., Giaretta, A., Li, E., . . . Conti, M. (2023). Devils in the Clouds: An Evolutionary Study of Telnet Bot Loaders. In: Michele Zorzi; Meixia Tao; Walid Saad (Ed.), ICC 2023 - IEEE International Conference on Communications. Paper presented at IEEE International Conference on Communications (ICC 2023), Rome, Italy, May 28 - June 1, 2023 (pp. 2338-2344). IEEE
2023 (English). In: ICC 2023 - IEEE International Conference on Communications / [ed] Michele Zorzi; Meixia Tao; Walid Saad, IEEE, 2023, p. 2338-2344. Conference paper, Published paper (Refereed)
Abstract [en]

One of the innovations brought by Mirai and its derived malware is the adoption of self-contained loaders for infecting IoT devices and recruiting them in botnets. Functionally decoupled from other botnet components and not embedded in the payload, loaders cannot be analysed using conventional approaches that rely on honeypots for capturing samples. Different approaches are necessary for studying the loaders' evolution and defining a genealogy. To address the insufficient knowledge about loaders' lineage in existing studies, in this paper, we propose a semantic-aware method to measure, categorize, and compare different loader servers, with the goal of highlighting their evolution, independent from the payload evolution. Leveraging behavior-based metrics, we cluster the discovered loaders and define eight families to determine the genealogy and draw a homology map. Our study shows that the source code of Mirai is evolving and spawning new botnets with new capabilities, both on the client side and the server side. In turn, shedding light on the infection loaders can help the cybersecurity community to improve detection and prevention tools.

Place, publisher, year, edition, pages
IEEE, 2023
Series
IEEE International Conference on Communications, ISSN 1550-3607, E-ISSN 1938-1883
National Category
Computer and Information Sciences
Identifiers
urn:nbn:se:oru:diva-111188 (URN); 10.1109/ICC45041.2023.10278636 (DOI); 2-s2.0-85178255384 (Scopus ID); 9781538674628 (ISBN); 9781538674635 (ISBN)
Conference
IEEE International Conference on Communications (ICC 2023), Rome, Italy, May 28 - June 1, 2023
Note

This work was supported by the Shandong Provincial Key R&D Program of China under Grants No. 2021SFGC0401, the National Natural Science Foundation of China under Grants No. 61702218, No. 61972176, Project of Shandong Province Higher Educational Youth Innovation Science and Technology Program under Grant No. 2019KJN028, Natural Science Foundation of Shandong Province under Grant No. ZR2019LZH015.

Available from: 2024-01-29; Created: 2024-01-29; Last updated: 2024-01-31; Bibliographically approved
Giaretta, A. & Loutfi, A. (2023). On the people counting problem in smart homes: undirected graphs and theoretical lower-bounds. Journal of Ambient Intelligence and Humanized Computing, 14(4), 3839-3851
2023 (English). In: Journal of Ambient Intelligence and Humanized Computing, ISSN 1868-5137, E-ISSN 1868-5145, Vol. 14, no 4, p. 3839-3851. Article in journal (Refereed) Published
Abstract [en]

Smart homes of the future will have to deal with multi-occupancy scenarios. Multi-occupancy systems entail a preliminary and critical feature: the capability of counting people. This can be fulfilled by means of simple binary sensors, cheaper and more privacy preserving than other sensors, such as cameras. However, it is currently unclear how many people can be counted in a smart home, given the set of available sensors. In this paper, we propose a graph-based technique that allows to map a smart home to an undirected graph G and discover the lower-bound of certainly countable people, also defined as certain count. We prove that every independent set of n vertices of an undirected graph G represents a minimum count of n people. We also prove that the maximum number of certainly countable people corresponds to the maximum independent sets of G, and that the maximal independent sets of G provide every combination of active sensors that ensure different minimum count. Last, we show how to use this technique to identify and optimise suboptimal deployment of sensors, so that the assumptions can be tightened and the theoretical lower-bound improved.

Place, publisher, year, edition, pages
Springer, 2023
Keywords
Counting, Smart Home, Multi-occupancy, Graph Theory, Independent Set
National Category
Computer Sciences
Research subject
Computer Science
Identifiers
urn:nbn:se:oru:diva-94963 (URN); 10.1007/s12652-021-03514-0 (DOI); 000701599000001 (); 2-s2.0-85115885370 (Scopus ID)
Note

Funding agency:

Örebro University

Available from: 2021-10-12; Created: 2021-10-12; Last updated: 2023-06-12; Bibliographically approved
Ritola, N., Giaretta, A. & Kiselev, A. (2023). Operator Identification in a VR-Based Robot Teleoperation Scenario Using Head, Hands, and Eyes Movement Data. In: Proceedings of the 6th International Workshop on Virtual, Augmented, and Mixed Reality for Human-Robot Interactions (VAM-HRI), 2023. Paper presented at 6th International Workshop on Virtual, Augmented, and Mixed-Reality for Human-Robot Interactions (VAM-HRI '23), Stockholm, Sweden, March 13-16, 2023. Association for Computing Machinery
2023 (English). In: Proceedings of the 6th International Workshop on Virtual, Augmented, and Mixed Reality for Human-Robot Interactions (VAM-HRI), 2023, Association for Computing Machinery, 2023. Conference paper, Published paper (Refereed)
Abstract [en]

Remote teleoperation using a Virtual Reality (VR) allows users to experience better degrees of immersion and embodiment. Equipped with a variety of sensors, VR headsets have the potential to offer automatic adaptation to users' personal preferences and modes of operation. However, to achieve this goal VR users must be uniquely identifiable. In this paper, we investigate the possibility of identifying VR users teleoperating a simulated robotic arm, by their forms of interaction with the VR environment. In particular, in addition to standard head and eye data, our framework uses hand tracking data provided by a Leap Motion hand-tracking sensor. Our first set of experiments shows that it is possible to identify users with an accuracy close to 100% by aggregating the sessions data and training/testing with a 70/30 split approach. Last, our second set of experiments shows that, even by training and testing on separated sessions, it is still possible to identify users with a satisfactory accuracy of 89,23%.

Place, publisher, year, edition, pages
Association for Computing Machinery, 2023
Keywords
User Identification, Robot Teleoperation, Virtual Reality
National Category
Computer and Information Sciences
Identifiers
urn:nbn:se:oru:diva-111187 (URN)
Conference
6th International Workshop on Virtual, Augmented, and Mixed-Reality for Human-Robot Interactions (VAM-HRI '23), Stockholm, Sweden, March 13-16, 2023
Available from: 2024-01-29; Created: 2024-01-29; Last updated: 2024-01-31; Bibliographically approved
Tavella, F., Giaretta, A., Conti, M. & Balasubramaniam, S. (2022). A machine learning-based approach to detect threats in bio-cyber DNA storage systems. Computer Communications, 187, 59-70
2022 (English). In: Computer Communications, ISSN 0140-3664, E-ISSN 1873-703X, Vol. 187, p. 59-70. Article in journal (Refereed) Published
Abstract [en]

Data storage is one of the main computing issues of this century. Not only storage devices are converging to strict physical limits, but also the amount of data generated by users is growing at an unbelievable rate. To face these challenges, data centres grew constantly over the past decades. However, this growth comes with a price, particularly from the environmental point of view. Among various promising media, DNA is one of the most fascinating candidates. In our previous work, we have proposed an automated archival architecture which uses bioengineered bacteria to store and retrieve data, previously encoded into DNA. The similarities between biological media and classical ones can be a drawback, as malicious parties might replicate traditional attacks on the former archival system, using biological instruments and techniques. In this paper, first we analyse the main characteristics of our storage system and the different types of attacks that could be executed on it. Then, aiming at identifying on-going attacks, we propose and evaluate detection techniques, which rely on traditional metrics and machine learning algorithms. We identify and adapt two suitable metrics for this purpose, namely generalized entropy and information distance.

Place, publisher, year, edition, pages
Elsevier, 2022
Keywords
DNA encoding, Storage system, DoS, Metrics, Machine learning
National Category
Computer and Information Sciences
Identifiers
urn:nbn:se:oru:diva-99709 (URN); 10.1016/j.comcom.2022.01.023 (DOI); 000817094300005 (); 2-s2.0-85124592700 (Scopus ID)
Available from: 2022-06-21; Created: 2022-06-21; Last updated: 2022-07-25; Bibliographically approved
Pirayesh, J., Giaretta, A., Conti, M. & Keshavarzi, P. (2022). A PLS-HECC-based device authentication and key agreement scheme for smart home networks. Computer Networks, 216, Article ID 109077.
2022 (English). In: Computer Networks, ISSN 1389-1286, E-ISSN 1872-7069, Vol. 216, article id 109077. Article in journal (Refereed) Published
Abstract [en]

IoT devices permeate our society, collect personal data, and support critical infrastructures such as the healthcare. Therefore, there is a critical need for authentication and authorization schemes for IoT devices to meet privacy requirements, such as mutual authentication and user anonymity, as well as robustness against security attacks. In this paper, we propose a device authentication and key agreement scheme for IoT networks. Our proposal takes as a model the scheme proposed by Rezai et al., and combines it with a physical layer security technique and a hyper-elliptic curve cryptosystem. Our results show that not only our authentication scheme provides anonymity, mutual authentication, and efficiency, but it also provides resilience to various attacks, including man-in-the-middle, replay, and de-synchronization attacks. Our comparison shows that our scheme performs better than the state-of-the-art in terms of security properties, while adding a small overhead of ≈ 10(ms).

Place, publisher, year, edition, pages
Elsevier, 2022
Keywords
IoT, Smart home, Device authentication, Key agreement, PLS, HECC, HECDSA
National Category
Computer and Information Sciences
Identifiers
urn:nbn:se:oru:diva-99710 (URN); 10.1016/j.comnet.2022.109077 (DOI); 000889101200001 (); 2-s2.0-85136604673 (Scopus ID)
Available from: 2022-06-21; Created: 2022-06-21; Last updated: 2023-01-05; Bibliographically approved
Chimamiwa, G., Giaretta, A., Alirezaie, M., Pecora, F. & Loutfi, A. (2022). Are Smart Homes Adequate for Older Adults with Dementia?. Sensors, 22(11), Article ID 4254.
2022 (English). In: Sensors, E-ISSN 1424-8220, Vol. 22, no 11, article id 4254. Article, review/survey (Refereed) Published
Abstract [en]

Smart home technologies can enable older adults, including those with dementia, to live more independently in their homes for a longer time. Activity recognition, in combination with anomaly detection, has shown the potential to recognise users' daily activities and detect deviations. However, activity recognition and anomaly detection are not sufficient, as they lack the capacity to capture the progression of patients' habits across the different stages of dementia. To achieve this, smart homes should be enabled to recognise patients' habits and changes in habits, including the loss of some habits. In this study, we first present an overview of the stages that characterise dementia, alongside real-world personas that depict users' behaviours at each stage. Then, we survey the state of the art on activity recognition in smart homes for older adults with dementia, including the literature that combines activity recognition and anomaly detection. We categorise the literature based on goals, stages of dementia, and targeted users. Finally, we justify the necessity for habit recognition in smart homes for older adults with dementia, and we discuss the research challenges related to its implementation.

Place, publisher, year, edition, pages
MDPI, 2022
Keywords
Activity recognition, ageing, dementia, habit recognition, smart homes
National Category
Gerontology, specialising in Medical and Health Sciences; Occupational Therapy
Identifiers
urn:nbn:se:oru:diva-99532 (URN); 10.3390/s22114254 (DOI); 000809104700001 (); 35684874 (PubMedID); 2-s2.0-85131268514 (Scopus ID)
Funder
EU, Horizon 2020, 754285
Available from: 2022-06-15; Created: 2022-06-15; Last updated: 2022-07-28; Bibliographically approved
Giaretta, A., Dragoni, N. & Massacci, F. (2022). S×C4IoT: A Security-by-contract Framework for Dynamic Evolving IoT Devices. ACM transactions on sensor networks, 18(1), Article ID 12.
2022 (English). In: ACM transactions on sensor networks, ISSN 1550-4867, E-ISSN 1550-4859, Vol. 18, no 1, article id 12. Article in journal (Refereed) Published
Abstract [en]

The Internet of Things (IoT) revolutionised the way devices, and human beings, cooperate and interact. The interconnectivity and mobility brought by IoT devices led to extremely variable networks, as well as unpredictable information flows. In turn, security proved to be a serious issue for the IoT, far more serious than it has been in the past for other technologies. We claim that IoT devices need detailed descriptions of their behaviour to achieve secure default configurations, sufficient security configurability, and self-configurability. In this article, we propose S×C4IoT, a framework that addresses these issues by combining two paradigms: Security by Contract (S×C) and Fog computing. First, we summarise the necessary background such as the basic S×C definitions. Then, we describe how devices interact within S×C4IoT and how our framework manages the dynamic evolution that naturally results from IoT devices' life-cycles. Furthermore, we show that S×C4IoT can allow legacy S×C-noncompliant devices to participate with an S×C network, we illustrate two different integration approaches, and we show how they fit into S×C4IoT. Last, we implement the framework as a proof-of-concept. We show the feasibility of S×C4IoT and we run different experiments to evaluate its impact in terms of communication and storage space overhead.

Place, publisher, year, edition, pages
Association for Computing Machinery (ACM), 2022
Keywords
IoT, internet of things, security, security-by-contract, S×C, fog computing, configurability, self-configurability, declarative security
National Category
Computer Sciences; Communication Systems; Computer Systems
Research subject
Computer Science; Computer Engineering; Computer and Systems Science
Identifiers
urn:nbn:se:oru:diva-94966 (URN); 10.1145/3480462 (DOI); 000841447200012 (); 2-s2.0-85137706511 (Scopus ID)
Available from: 2021-10-12; Created: 2021-10-12; Last updated: 2023-12-08
Tavella, F., Giaretta, A., Dooley-Cullinane, T. M., Conti, M., Coffey, L. & Balasubramaniam, S. (2021). DNA Molecular Storage System: Transferring Digitally Encoded Information through Bacterial Nanonetworks. IEEE Transactions on Emerging Topics in Computing, 9(3), 1566-1580
2021 (English). In: IEEE Transactions on Emerging Topics in Computing, ISSN 2168-6750, Vol. 9, no 3, p. 1566-1580. Article in journal (Refereed) Published
Abstract [en]

Since the birth of computers and networks, fuelled by pervasive computing, Internet of Things and ubiquitous connectivity, the amount of data stored and transmitted has exponentially grown through the years. Due to this demand, new storage solutions are needed. One promising media is the DNA as it provides numerous advantages, which include the ability to store dense information while achieving long-term reliability. However, the question as to how the data can be retrieved from a DNA-based archive, still remains. In this paper, we aim to address this question by proposing a new storage solution that relies on bacterial nanonetworks properties. Our solution allows digitally-encoded DNA to be stored into motility-restricted bacteria, which compose an archival architecture of clusters, and to be later retrieved by engineered motile bacteria, whenever reading operations are needed. We conducted extensive simulations, in order to determine the reliability of data retrieval from motility-restricted storage clusters, placed spatially at different locations. Aiming to assess the feasibility of our solution, we have also conducted wet lab experiments that show how bacteria nanonetworks can effectively retrieve a simple message, such as "Hello World", by conjugation with motility-restricted bacteria, and finally mobilize towards a target point for delivery.

Place, publisher, year, edition, pages
IEEE, 2021
Keywords
DNA Encoding, Data Storage, Bacterial Nanonetworks, Molecular Communications
National Category
Computer Sciences
Identifiers
urn:nbn:se:oru:diva-78931 (URN); 10.1109/TETC.2019.2932685 (DOI); 000697823100043 (); 2-s2.0-85070665316 (Scopus ID)
Available from: 2020-01-09; Created: 2020-01-09; Last updated: 2021-10-14; Bibliographically approved
Mazzara, M., Dragoni, N., Bucchiarone, A., Giaretta, A., Larsen, S. T. & Dustdar, S. (2021). Microservices: Migration of a Mission Critical System. IEEE Transactions on Services Computing, 14(5), 1464-1477
2021 (English). In: IEEE Transactions on Services Computing, ISSN 1939-1374, E-ISSN 1939-1374, Vol. 14, no 5, p. 1464-1477. Article in journal (Refereed) Published
Abstract [en]

An increasing interest is growing around the idea of microservices and the promise of improving scalability when compared to monolithic systems. Several companies are evaluating pros and cons of a complex migration. In particular, financial institutions are positioned in a difficult situation due to the economic climate and the appearance of agile competitors that can navigate in a more flexible legal framework and started their business since day one with more agile architectures and without being bound to outdated technological standards. In this paper, we present a real world case study in order to demonstrate how scalability is positively affected by re-implementing a monolithic architecture (MA) into a microservices architecture (MSA). The case study is based on the FX Core system, a mission critical system of Danske Bank, the largest bank in Denmark and one of the leading financial institutions in Northern Europe. The technical problem that has been addressed and solved in this paper is the identification of a repeatable migration process that can be used to convert a real world Monolithic architecture into a Microservices architecture in the specific setting of financial domain, typically characterized by legacy systems and batch-based processing on heterogeneous data sources.

Place, publisher, year, edition, pages
IEEE Press, 2021
Keywords
Scalability, Computer architecture, Service-oriented architecture, Tools, Mission critical systems, Automation, Service Computing, Software Architecture, Scalability, Microservices
National Category
Computer Sciences
Research subject
Computer Science
Identifiers
urn:nbn:se:oru:diva-71108 (URN); 10.1109/TSC.2018.2889087 (DOI); 000704110400016 (); 2-s2.0-85059027049 (Scopus ID)
Available from: 2019-01-26; Created: 2019-01-26; Last updated: 2021-10-21; Bibliographically approved
Giaretta, A. (2021). Securing the Internet of Things with Security-by-Contract. (Doctoral dissertation). Örebro: Örebro University
2021 (English). Doctoral thesis, comprehensive summary (Other academic)
Abstract [en]

Smart homes, industry, healthcare, robotics; virtually every market has seen the uprising of Internet of Things (IoT) devices with different degrees and nuances. IoT devices embody different desirable characteristics, such as mobility, ubiquity, variety, and affordability. All combined, these features made so that IoT devices reached 35 billion units in the world. However, the sudden uprising of market demand put enormous pressure on manufacturers. The necessity of delivering to customers as many devices as possible, in the shortest time possible, leads manufacturers to overlook features that are not perceived critical by the users, such as resiliency to cyberattacks. This led to severe security issues. The prime example is Mirai, a malware that infected hundreds of thousands of IoT devices in 2016 and used them to strike lethal Distributed Denial of Service (DDoS) attacks.

In the first part of this thesis, we present the state of the art regarding IoT devices security resilience. In particular, we provide relevant examples of breaches, an analysis of the relationship between IoT and Cloud from a security point of view, and an example of an IoT device penetration test. Then, we focus on the usage of IoT devices in DDoS-enabled botnets and we provide an extensive study of DDoS-enabling malwares, discussing their evolution and their capabilities.

In the second part, we contextualise the gathered knowledge and we show that the highlighted problems stem from two main causes: insecure configurations and insufficient secure configurability. We also show that, to address these two issues, it is necessary to equip IoT devices with precise and formal descriptions of their behaviour. Therefore, we propose SC4IoT, a security framework for IoT devices that combines Security-by-Contract (SC) paradigm and Fog Computing paradigm. First, we provide a thorough breakdown of our proposal. We start from high-level lifecycles that describe how devices participate to SC4IoT. Then, we discuss the pillars that compose the framework (e.g., security contracts and security policies), together with their formal descriptions. Last, we provide precise algorithms for achieving security-policy matching capabilities, as well as routines for allowing the framework to deal with dynamic changes while maintaining consistency.

Place, publisher, year, edition, pages
Örebro: Örebro University, 2021. p. 55
Series
Örebro Studies in Technology, ISSN 1650-8580 ; 90
National Category
Computer Sciences
Identifiers
urn:nbn:se:oru:diva-88151 (URN); 978-91-7529-364-6 (ISBN)
Public defence
2021-01-29, Örebro universitet, Långhuset, Hörsal L2 (and online (zoom)), Fakultetsgatan 1, Örebro, 13:00 (English)
Available from: 2020-12-18; Created: 2020-12-18; Last updated: 2021-01-08; Bibliographically approved
Identifiers
ORCID iD: orcid.org/0000-0001-9293-7711