To Örebro University

oru.seÖrebro University Publications
Change search
Refine search result
1 - 28 of 28
CiteExportLink to result list
Permanent link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
Rows per page
  • 5
  • 10
  • 20
  • 50
  • 100
  • 250
Sort
  • Standard (Relevance)
  • Author A-Ö
  • Author Ö-A
  • Title A-Ö
  • Title Ö-A
  • Publication type A-Ö
  • Publication type Ö-A
  • Issued (Oldest first)
  • Issued (Newest first)
  • Created (Oldest first)
  • Created (Newest first)
  • Last updated (Oldest first)
  • Last updated (Newest first)
  • Disputation date (earliest first)
  • Disputation date (latest first)
  • Standard (Relevance)
  • Author A-Ö
  • Author Ö-A
  • Title A-Ö
  • Title Ö-A
  • Publication type A-Ö
  • Publication type Ö-A
  • Issued (Oldest first)
  • Issued (Newest first)
  • Created (Oldest first)
  • Created (Newest first)
  • Last updated (Oldest first)
  • Last updated (Newest first)
  • Disputation date (earliest first)
  • Disputation date (latest first)
Select
The maximal number of hits you can export is 250. When you want to export more records please use the Create feeds function.
  • 1.
    Chimamiwa, Gibson
    et al.
    Örebro University, School of Science and Technology.
    Giaretta, Alberto
    Örebro University, School of Science and Technology.
    Alirezaie, Marjan
    Örebro University, School of Science and Technology.
    Pecora, Federico
    Örebro University, School of Science and Technology.
    Loutfi, Amy
    Örebro University, School of Science and Technology.
    Are Smart Homes Adequate for Older Adults with Dementia?2022In: Sensors, E-ISSN 1424-8220, Vol. 22, no 11, article id 4254Article, review/survey (Refereed)
    Abstract [en]

    Smart home technologies can enable older adults, including those with dementia, to live more independently in their homes for a longer time. Activity recognition, in combination with anomaly detection, has shown the potential to recognise users' daily activities and detect deviations. However, activity recognition and anomaly detection are not sufficient, as they lack the capacity to capture the progression of patients' habits across the different stages of dementia. To achieve this, smart homes should be enabled to recognise patients' habits and changes in habits, including the loss of some habits. In this study, we first present an overview of the stages that characterise dementia, alongside real-world personas that depict users' behaviours at each stage. Then, we survey the state of the art on activity recognition in smart homes for older adults with dementia, including the literature that combines activity recognition and anomaly detection. We categorise the literature based on goals, stages of dementia, and targeted users. Finally, we justify the necessity for habit recognition in smart homes for older adults with dementia, and we discuss the research challenges related to its implementation.

  • 2.
    De Donno, Michele
    et al.
    DTU Compute, Technical University of Denmark, Kongens Lyngby, Denmark.
    Dragoni, Nicola
    Örebro University, School of Science and Technology. DTU Compute, Technical University of Denmark, Kongens Lyngby, Denmark.
    Giaretta, Alberto
    Örebro University, School of Science and Technology.
    Mazzara, Manuel
    Innopolis University, Innopolis, Russian Federation.
    AntibIoTic: Protecting IoT Devices Against DDoS Attacks2018In: Proceedings of 5th International Conference in Software Engineering for Defence Applications: SEDA 2016 / [ed] Ciancarini, P.; Litvinov, S.; Messina, A.; Sillitti, A.; Succi, G., Cham: Springer, 2018, p. 59-72Conference paper (Refereed)
    Abstract [en]

    The 2016 is remembered as the year that showed to the world how dangerous Distributed Denial of Service attacks can be. Gauge of the disruptiveness of DDoS attacks is the number of bots involved: the bigger the botnet, the more powerful the attack. This character, along with the increasing availability of connected and insecure IoT devices, makes DDoS and IoT the perfect pair for the malware industry. In this paper we present the main idea behind AntibIoTic, a palliative solution to prevent DDoS attacks perpetrated through IoT devices.

  • 3.
    De Donno, Michele
    et al.
    DTU Compute, Technical University of Denmark, Kongens Lyngby, Denmark.
    Dragoni, Nicola
    Örebro University, School of Science and Technology. DTU Compute, Technical University of Denmark, Kongens Lyngby, Denmark.
    Giaretta, Alberto
    Örebro University, School of Science and Technology.
    Spognardi, Angelo
    DTU Compute, Technical University of Denmark, Kongens Lyngby, Denmark.
    Analysis of DDoS-Capable IoT Malwares2017In: Proceedings of the 2017 Federated Conference on Computer Science and Information Systems / [ed] M. Ganzha, L. Maciaszek, M. Paprzycki, Institute of Electrical and Electronics Engineers (IEEE), 2017, p. 807-816Conference paper (Refereed)
    Abstract [en]

    The Internet of Things (IoT) revolution promises to make our lives easier by providing cheap and always connected smart embedded devices, which can interact on the Internet and create added values for human needs. But all that glitters is not gold. Indeed, the other side of the coin is that, from a security perspective, this IoT revolution represents a potential disaster. This plethora of IoT devices that flooded the market were very badly protected, thus an easy prey for several families of malwares that can enslave and incorporate them in very large botnets. This, eventually, brought back to the top Distributed Denial of Service (DDoS) attacks, making them more powerful and easier to achieve than ever. This paper aims at provide an up-to-date picture of DDoS attacks in the specific subject of the IoT, studying how these attacks work and considering the most common families in the IoT context, in terms of their nature and evolution through the years. It also explores the additional offensive capabilities that this arsenal of IoT malwares has available, to mine the security of Internet users and systems. We think that this up-to-date picture will be a valuable reference to the scientific community in order to take a first crucial step to tackle this urgent security issue.

  • 4.
    De Donno, Michele
    et al.
    DTU Compute, Technical University of Denmark, Kongens Lyngby, Denmark.
    Dragoni, Nicola
    Örebro University, School of Science and Technology. DTU Compute, Technical University of Denmark, Kongens Lyngby, Denmark.
    Giaretta, Alberto
    Örebro University, School of Science and Technology.
    Spognardi, Angelo
    Computer Science Department, Sapienza University of Rome, Rome, Italy.
    DDoS-Capable IoT Malwares: Comparative Analysis and Mirai Investigation2018In: Security and Communication Networks, ISSN 1939-0114, E-ISSN 1939-0122, article id 7178164Article in journal (Refereed)
    Abstract [en]

    The Internet of Things (IoT) revolution has not only carried the astonishing promise to interconnect a whole generation of traditionally “dumb” devices, but also brought to the Internet the menace of billions of badly protected and easily hackable objects. Not surprisingly, this sudden flooding of fresh and insecure devices fueled older threats, such as Distributed Denial of Service (DDoS) attacks. In this paper, we first propose an updated and comprehensive taxonomy of DDoS attacks, together with a number of examples on how this classification maps to real-world attacks. Then, we outline the current situation of DDoS-enabled malwares in IoT networks, highlighting how recent data support our concerns about the growing in popularity of these malwares. Finally, we give a detailed analysis of the general framework and the operating principles of Mirai, the most disruptive DDoS-capable IoT malware seen so far.

  • 5.
    De Donno, Michele
    et al.
    DTU Compute, Technical University of Denmark, Kongens Lyngby, Denmark.
    Giaretta, Alberto
    Örebro University, School of Science and Technology.
    Dragoni, Nicola
    Örebro University, School of Science and Technology. DTU Compute, Technical University of Denmark, Kongens Lyngby, Denmark.
    Bucchiarone, Antonio
    Fondazione Bruno Kessler, Trento, Italy.
    Mazzara, Manuel
    Institute of Software Development and Engineering, Innopolis University, Innopolis, Russian Federation.
    Cyber-Storms Come from Clouds: Security of Cloud Computing in the IoT Era2019In: Future Internet, E-ISSN 1999-5903, Vol. 11, no 6, article id 127Article in journal (Refereed)
    Abstract [en]

    The Internet of Things (IoT) is rapidly changing our society to a world where every thing is connected to the Internet, making computing pervasive like never before. This tsunami of connectivity and data collection relies more and more on the Cloud, where data analytics and intelligence actually reside. Cloud computing has indeed revolutionized the way computational resources and services can be used and accessed, implementing the concept of utility computing whose advantages are undeniable for every business. However, despite the benefits in terms of flexibility, economic savings, and support of new services, its widespread adoption is hindered by the security issues arising with its usage. From a security perspective, the technological revolution introduced by IoT and Cloud computing can represent a disaster, as each object might become inherently remotely hackable and, as a consequence, controllable by malicious actors. While the literature mostly focuses on the security of IoT and Cloud computing as separate entities, in this article we provide an up-to-date and well-structured survey of the security issues of cloud computing in the IoT era. We give a clear picture of where security issues occur and what their potential impact is. As a result, we claim that it is not enough to secure IoT devices, as cyber-storms come from Clouds.

  • 6.
    De Donno, Michele
    et al.
    DTU Compute, Technical University of Denmark, Kongens Lyngby, Denmark.
    Giaretta, Alberto
    Örebro University, School of Science and Technology.
    Dragoni, Nicola
    Örebro University, School of Science and Technology.
    Spognardi, Angelo
    DTU Compute, Technical University of Denmark, Kongens Lyngby, Denmark; Dipartimento Informatica, Sapienza Università di Roma, Rome, Italy.
    A Taxonomy of Distributed Denial of Service Attacks2017In: i-Society 2017: Proceedings / [ed] Charles A. Shoniregun, Galyna A. Akmayeva, Infonomics Society, 2017, p. 99-106Conference paper (Refereed)
  • 7.
    Dragoni, Nicola
    et al.
    Örebro University, School of Science and Technology. DTU Compute, Technical University of Denmark, Kongens Lyngby, Denmark.
    Giaretta, Alberto
    Örebro University, School of Science and Technology.
    Mazzara, Manuel
    Innopolis University, Innopolis, Russian Federation.
    The Internet of Hackable Things2018In: Proceedings of 5th International Conference in Software Engineering for Defence Applications: SEDA 2016 / [ed] Ciancarini, P.; Litvinov, S.; Messina, A.; Sillitti, A.; Succi, G., Cham: Springer, 2018, p. 129-140Conference paper (Refereed)
    Abstract [en]

    The Internet of Things makes possible to connect each everyday object to the Internet, making computing pervasive like never before. From a security and privacy perspective, this tsunami of connectivity represents a disaster, which makes each object remotely hackable. We claim that, in order to tackle this issue, we need to address a new challenge in security: education.

  • 8.
    Giaretta, Alberto
    Örebro University, School of Science and Technology.
    Securing the Internet of Things with Security-by-Contract2021Doctoral thesis, comprehensive summary (Other academic)
    Abstract [en]

    Smart homes, industry, healthcare, robotics; virtually every market has seen the uprising of Internet of Things (IoT) devices with different degrees and nuances. IoT devices embody different desirable characteristics, such as mobility, ubiquity, variety, and affordability. All combined, these features made so that IoT devices reached 35 billion units in the world. However, the sudden uprising of market demand put enormous pressure on manufacturers. The necessity of delivering to customers as many devices as possible, in the shortest time possible, leads manufacturers to overlook features that are not perceived critical by the users, such as resiliency to cyberattacks. This led to severe security issues. The prime example is Mirai, a malware that infected hundreds of thousands of IoT devices in 2016 and used them to strike lethal Distributed Denial of Service (DDoS) attacks.

    In the first part of this thesis, we present the state of the art regarding IoT devices security resilience. In particular, we provide relevant examples of breaches, an analysis of the relationship between IoT and Cloud from a security point of view, and an example of an IoT device penetration test. Then, we focus on the usage of IoT devices in DDoS-enabled botnets and we provide an extensive study of DDoS-enabling malwares, discussing their evolution and their capabilities.

    In the second part, we contextualise the gathered knowledge and we show that the highlighted problems stem from two main causes: insecure configurations and insufficient secure configurability.We also show that, to address these two issues, it is necessary to equip IoT devices with precise and formal descriptions of their behaviour. Therefore, we propose SC4IoT, a security framework for IoT devices that combines Security-by-Contract (SC) paradigm and Fog Computing paradigm. First, we provide a thorough breakdown of our proposal. We start from high-level lifecycles that describe how devices participate to SC4IoT. Then, we discuss the pillars that compose the framework (e.g., security contracts and security policies), together with their formal descriptions. Last, we provide precise algorithms for achieving security-policy matching capabilities, as well as routines for allowing the framework to deal with dynamic changes while maintaining consistency.

    List of papers
    1. The Internet of Hackable Things
    Open this publication in new window or tab >>The Internet of Hackable Things
    2018 (English)In: Proceedings of 5th International Conference in Software Engineering for Defence Applications: SEDA 2016 / [ed] Ciancarini, P.; Litvinov, S.; Messina, A.; Sillitti, A.; Succi, G., Cham: Springer, 2018, p. 129-140Conference paper, Published paper (Refereed)
    Abstract [en]

    The Internet of Things makes possible to connect each everyday object to the Internet, making computing pervasive like never before. From a security and privacy perspective, this tsunami of connectivity represents a disaster, which makes each object remotely hackable. We claim that, in order to tackle this issue, we need to address a new challenge in security: education.

    Place, publisher, year, edition, pages
    Cham: Springer, 2018
    Series
    Advances in Intelligent Systems and Computing (AISC), ISSN 2194-5357, E-ISSN 2194-5365 ; 717
    National Category
    Computer Sciences
    Identifiers
    urn:nbn:se:oru:diva-64664 (URN)10.1007/978-3-319-70578-1_13 (DOI)000434086000013 ()2-s2.0-85041846777 (Scopus ID)978-3-319-70577-4 (ISBN)978-3-319-70578-1 (ISBN)
    Conference
    5th International Conference in Software Engineering for Defence Applications, Rome, Italy, May 10, 2016
    Available from: 2018-01-30 Created: 2018-01-30 Last updated: 2021-01-07Bibliographically approved
    2. Cyber-Storms Come from Clouds: Security of Cloud Computing in the IoT Era
    Open this publication in new window or tab >>Cyber-Storms Come from Clouds: Security of Cloud Computing in the IoT Era
    Show others...
    2019 (English)In: Future Internet, E-ISSN 1999-5903, Vol. 11, no 6, article id 127Article in journal (Refereed) Published
    Abstract [en]

    The Internet of Things (IoT) is rapidly changing our society to a world where every thing is connected to the Internet, making computing pervasive like never before. This tsunami of connectivity and data collection relies more and more on the Cloud, where data analytics and intelligence actually reside. Cloud computing has indeed revolutionized the way computational resources and services can be used and accessed, implementing the concept of utility computing whose advantages are undeniable for every business. However, despite the benefits in terms of flexibility, economic savings, and support of new services, its widespread adoption is hindered by the security issues arising with its usage. From a security perspective, the technological revolution introduced by IoT and Cloud computing can represent a disaster, as each object might become inherently remotely hackable and, as a consequence, controllable by malicious actors. While the literature mostly focuses on the security of IoT and Cloud computing as separate entities, in this article we provide an up-to-date and well-structured survey of the security issues of cloud computing in the IoT era. We give a clear picture of where security issues occur and what their potential impact is. As a result, we claim that it is not enough to secure IoT devices, as cyber-storms come from Clouds.

    Place, publisher, year, edition, pages
    MDPI, 2019
    Keywords
    security, Internet of Things, Cloud computing
    National Category
    Computer Sciences
    Identifiers
    urn:nbn:se:oru:diva-75237 (URN)10.3390/fi11060127 (DOI)000473805800007 ()2-s2.0-85067464961 (Scopus ID)
    Available from: 2019-07-25 Created: 2019-07-25 Last updated: 2023-08-03Bibliographically approved
    3. Adding Salt to Pepper: A Structured Security Assessment over a Humanoid Robot
    Open this publication in new window or tab >>Adding Salt to Pepper: A Structured Security Assessment over a Humanoid Robot
    2018 (English)In: Proceedings of the 13th International Conference on Availability, Reliability and Security, ACM , 2018, article id 22Conference paper, Published paper (Refereed)
    Abstract [en]

    The rise of connectivity, digitalization, robotics, and artificial intelligence (AI) is rapidly changing our society and shaping its future development. During this technological and societal revolution, security has been persistently neglected, yet a hacked robot can act as an insider threat in organizations, industries, public spaces, and private homes. In this paper, we perform a structured security assessment of Pepper, a commercial humanoid robot. Our analysis, composed by an automated and a manual part, points out a relevant number of security flaws that can be used to take over and command the robot. Furthermore, we suggest how these issues could be fixed, thus, avoided in the future. The very final aim of this work is to push the rise of the security level of IoT products before they are sold on the public market.

    Place, publisher, year, edition, pages
    ACM, 2018
    Series
    ACM International Conference Proceeding Series
    Keywords
    Internet of Things (IoT), Penetration Testing, Pepper, Robot, Security
    National Category
    Computer and Information Sciences Robotics
    Identifiers
    urn:nbn:se:oru:diva-71106 (URN)10.1145/3230833.3232807 (DOI)000477981800043 ()2-s2.0-85055287152 (Scopus ID)978-1-4503-6448-5 (ISBN)
    Conference
    13th International Conference on Availability, Reliability and Security (ARES 2018), Hamburg, Germany, August 27-30, 2018
    Available from: 2019-01-04 Created: 2019-01-04 Last updated: 2021-01-07Bibliographically approved
    4. Analysis of DDoS-Capable IoT Malwares
    Open this publication in new window or tab >>Analysis of DDoS-Capable IoT Malwares
    2017 (English)In: Proceedings of the 2017 Federated Conference on Computer Science and Information Systems / [ed] M. Ganzha, L. Maciaszek, M. Paprzycki, Institute of Electrical and Electronics Engineers (IEEE), 2017, p. 807-816Conference paper, Published paper (Refereed)
    Abstract [en]

    The Internet of Things (IoT) revolution promises to make our lives easier by providing cheap and always connected smart embedded devices, which can interact on the Internet and create added values for human needs. But all that glitters is not gold. Indeed, the other side of the coin is that, from a security perspective, this IoT revolution represents a potential disaster. This plethora of IoT devices that flooded the market were very badly protected, thus an easy prey for several families of malwares that can enslave and incorporate them in very large botnets. This, eventually, brought back to the top Distributed Denial of Service (DDoS) attacks, making them more powerful and easier to achieve than ever. This paper aims at provide an up-to-date picture of DDoS attacks in the specific subject of the IoT, studying how these attacks work and considering the most common families in the IoT context, in terms of their nature and evolution through the years. It also explores the additional offensive capabilities that this arsenal of IoT malwares has available, to mine the security of Internet users and systems. We think that this up-to-date picture will be a valuable reference to the scientific community in order to take a first crucial step to tackle this urgent security issue.

    Place, publisher, year, edition, pages
    Institute of Electrical and Electronics Engineers (IEEE), 2017
    Series
    Annals of computer science and information systems, E-ISSN 2300-5963 ; 11
    National Category
    Computer Sciences
    Identifiers
    urn:nbn:se:oru:diva-62795 (URN)10.15439/2017F288 (DOI)000417412800118 ()2-s2.0-85039904613 (Scopus ID)978-83-946253-7-5 (ISBN)
    Conference
    Federated Conference on Computer Science and Information Systems (FedCSIS 2017), Prague, Czech Republic, September 3-6, 2017
    Available from: 2017-11-23 Created: 2017-11-23 Last updated: 2021-01-07Bibliographically approved
    5. DDoS-Capable IoT Malwares: Comparative Analysis and Mirai Investigation
    Open this publication in new window or tab >>DDoS-Capable IoT Malwares: Comparative Analysis and Mirai Investigation
    2018 (English)In: Security and Communication Networks, ISSN 1939-0114, E-ISSN 1939-0122, article id 7178164Article in journal (Refereed) Published
    Abstract [en]

    The Internet of Things (IoT) revolution has not only carried the astonishing promise to interconnect a whole generation of traditionally “dumb” devices, but also brought to the Internet the menace of billions of badly protected and easily hackable objects. Not surprisingly, this sudden flooding of fresh and insecure devices fueled older threats, such as Distributed Denial of Service (DDoS) attacks. In this paper, we first propose an updated and comprehensive taxonomy of DDoS attacks, together with a number of examples on how this classification maps to real-world attacks. Then, we outline the current situation of DDoS-enabled malwares in IoT networks, highlighting how recent data support our concerns about the growing in popularity of these malwares. Finally, we give a detailed analysis of the general framework and the operating principles of Mirai, the most disruptive DDoS-capable IoT malware seen so far.

    Place, publisher, year, edition, pages
    Hindawi Publishing Corporation, 2018
    National Category
    Computer Sciences
    Research subject
    Computer Science
    Identifiers
    urn:nbn:se:oru:diva-65665 (URN)10.1155/2018/7178164 (DOI)000426639800001 ()2-s2.0-85043390832 (Scopus ID)
    Available from: 2018-03-12 Created: 2018-03-12 Last updated: 2021-01-07Bibliographically approved
    6. Protecting the Internet of Things with Security-by-Contract and Fog Computing
    Open this publication in new window or tab >>Protecting the Internet of Things with Security-by-Contract and Fog Computing
    2019 (English)In: 2019 IEEE 5th World Forum on Internet of Things (WF-IoT), IEEE , 2019Conference paper, Published paper (Refereed)
    Abstract [en]

    Nowadays, the Internet of Things (IoT) is a consolidated reality. Smart homes are equipped with a growing number of IoT devices that capture more and more information about human beings lives. However, manufacturers paid little or no attention to security, so that various challenges are still in place. In this paper, we propose a novel approach to secure IoT systems that combines the concept of Security-by-Contract (SxC) with the Fog computing distributed paradigm. We define the pillars of our approach, namely the notions of IoT device contract, Fog node policy and contract-policy matching, the respective life-cycles, and the resulting SxC workflow. To better understand all the concepts of the SxC framework, and highlight its practical feasibility, we use a running case study based on a context-aware system deployed in a real smart home.

    Place, publisher, year, edition, pages
    IEEE, 2019
    Keywords
    security-by-contract, Fog computing, IoT
    National Category
    Computer Sciences
    Identifiers
    urn:nbn:se:oru:diva-78009 (URN)10.1109/WF-IoT.2019.8767243 (DOI)000492865800001 ()2-s2.0-85073699472 (Scopus ID)978-1-5386-4980-0 (ISBN)
    Conference
    5th IEEE World Forum on Internet of Things (WF-IoT 2019), Limerick, Ireland, April 15-18, 2019
    Available from: 2019-11-22 Created: 2019-11-22 Last updated: 2021-01-07Bibliographically approved
    7. IoT Security Configurability with Security-by-Contract
    Open this publication in new window or tab >>IoT Security Configurability with Security-by-Contract
    2019 (English)In: Sensors, E-ISSN 1424-8220, Vol. 19, no 19, article id E4121Article in journal (Refereed) Published
    Abstract [en]

    Cybersecurity is one of the biggest challenges in the Internet of Things (IoT) domain, as well as one of its most embarrassing failures. As a matter of fact, nowadays IoT devices still exhibit various shortcomings. For example, they lack secure default configurations and sufficient security configurability. They also lack rich behavioural descriptions, failing to list provided and required services. To answer this problem, we envision a future where IoT devices carry behavioural contracts and Fog nodes store network policies. One requirement is that contract consistency must be easy to prove. Moreover, contracts must be easy to verify against network policies. In this paper, we propose to combine the security-by-contract (S × C) paradigm with Fog computing to secure IoT devices. Following our previous work, first we formally define the pillars of our proposal. Then, by means of a running case study, we show that we can model communication flows and prevent information leaks. Last, we show that our contribution enables a holistic approach to IoT security, and that it can also prevent unexpected chains of events.

    Place, publisher, year, edition, pages
    MDPI, 2019
    Keywords
    Fog computing, IoT, configurability, security, security-by-contract
    National Category
    Computer Systems
    Identifiers
    urn:nbn:se:oru:diva-76829 (URN)10.3390/s19194121 (DOI)000494823200065 ()31548501 (PubMedID)2-s2.0-85072578077 (Scopus ID)
    Available from: 2019-09-30 Created: 2019-09-30 Last updated: 2022-02-10Bibliographically approved
    8. S×C4IoT: A Security-by-Contract Framework for Dynamic Evolving IoT Devices
    Open this publication in new window or tab >>S×C4IoT: A Security-by-Contract Framework for Dynamic Evolving IoT Devices
    (English)Manuscript (preprint) (Other academic)
    National Category
    Computer Sciences
    Identifiers
    urn:nbn:se:oru:diva-88397 (URN)
    Available from: 2021-01-07 Created: 2021-01-07 Last updated: 2021-01-07Bibliographically approved
    Download (png)
    Bild
    Download (pdf)
    Cover
    Download (pdf)
    Spikblad
  • 9.
    Giaretta, Alberto
    et al.
    Department of Mathematics, University of Padua, Padua, Italy.
    Balasubramaniam, Sasitharan
    Department of Electronic and Communication EngineeringNano Communication Centre, Tampere University of Technology, Tampere, Finland.
    Conti, Mauro
    Department of Mathematics, University of Padua, Padua, Italy.
    Security Vulnerabilities and Countermeasures for Target Localization in Bio-NanoThings Communication Networks2016In: IEEE Transactions on Information Forensics and Security, ISSN 1556-6013, E-ISSN 1556-6021, Vol. 11, no 4, p. 665-676Article in journal (Refereed)
    Abstract [en]

    The emergence of molecular communication has provided an avenue for developing biological nanonetworks. Synthetic biology is a platform that enables reprogramming cells, which we refer to as Bio-NanoThings, that can be assembled to create nanonetworks. In this paper, we focus on specific Bio-NanoThings, i.e, bacteria, where engineering their ability to emit or sense molecules can result in functionalities, such as cooperative target localization. Although this opens opportunities, e.g., for novel healthcare applications of the future, this can also lead to new problems, such as a new form of bioterrorism. In this paper, we investigate the disruptions that malicious Bio-NanoThings (M-BNTs) can create for molecular nanonetworks. In particular, we introduce two types of attacks: blackhole and sentry attacks. In blackhole attack M-BNTs emit attractant chemicals to draw-in the legitimate Bio-NanoThings (L-BNTs) from searching for their target, while in the sentry attack, the M-BNTs emit repellents to disperse the L-BNTs from reaching their target. We also present a countermeasure that L-BNTs can take to be resilient to the attacks, where we consider two forms of decision processes that includes Bayes' rule as well as a simple threshold approach. We run a thorough set of simulations to assess the effectiveness of the proposed attacks as well as the proposed countermeasure. Our results show that the attacks can significantly hinder the regular behavior of Bio-NanoThings, while the countermeasures are effective for protecting against such attacks.

  • 10.
    Giaretta, Alberto
    et al.
    Örebro University, School of Science and Technology.
    De Donno, Michele
    DTU Compute, Technical University of Denmark, Kongens Lyngby, Denmark.
    Dragoni, Nicola
    Örebro University, School of Science and Technology. DTU Compute, Technical University of Denmark, Kongens Lyngby, Denmark.
    Adding Salt to Pepper: A Structured Security Assessment over a Humanoid Robot2018In: Proceedings of the 13th International Conference on Availability, Reliability and Security, ACM , 2018, article id 22Conference paper (Refereed)
    Abstract [en]

    The rise of connectivity, digitalization, robotics, and artificial intelligence (AI) is rapidly changing our society and shaping its future development. During this technological and societal revolution, security has been persistently neglected, yet a hacked robot can act as an insider threat in organizations, industries, public spaces, and private homes. In this paper, we perform a structured security assessment of Pepper, a commercial humanoid robot. Our analysis, composed by an automated and a manual part, points out a relevant number of security flaws that can be used to take over and command the robot. Furthermore, we suggest how these issues could be fixed, thus, avoided in the future. The very final aim of this work is to push the rise of the security level of IoT products before they are sold on the public market.

  • 11.
    Giaretta, Alberto
    et al.
    Örebro University, School of Science and Technology.
    Dragoni, Nicola
    Örebro University, School of Science and Technology. DTU Compute, Technical University of Denmark, Kongens Lyngby, Denmark.
    Community Targeted Phishing: A Middle Ground Between Massive and Spear Phishing through Natural Language Generation2018Conference paper (Refereed)
    Abstract [en]

    Looking at today spam and phishing panorama, we are able to identify two diametrically opposed approaches. On the one hand we have general spam, which targets as much as people as possible with generic and pre-formed texts; on the other hand we have very specific emails, handcrafted to target high-value targets. While nowadays these two worlds don't intersect at all, we envision a future where Natural Language Generation (NLG) techniques will enable attackers to target populous communities with machine-tailored emails. In this paper, we introduce what we call Community Targeted Spam (CTS), alongside with some workflows that exhibit how this all could be implemented. Furthermore, we suggest some preliminary directions that scientific community should consider to take, in order to address our concerns.

  • 12.
    Giaretta, Alberto
    et al.
    Örebro University, School of Science and Technology.
    Dragoni, Nicola
    Örebro University, School of Science and Technology. DTU Compute, Technical University of Denmark, Lyngby, Denmark.
    Massacci, Fabio
    Department of Information Science and Engineering, University of Trento, Trento, Italy.
    IoT Security Configurability with Security-by-Contract2019In: Sensors, E-ISSN 1424-8220, Vol. 19, no 19, article id E4121Article in journal (Refereed)
    Abstract [en]

    Cybersecurity is one of the biggest challenges in the Internet of Things (IoT) domain, as well as one of its most embarrassing failures. As a matter of fact, nowadays IoT devices still exhibit various shortcomings. For example, they lack secure default configurations and sufficient security configurability. They also lack rich behavioural descriptions, failing to list provided and required services. To answer this problem, we envision a future where IoT devices carry behavioural contracts and Fog nodes store network policies. One requirement is that contract consistency must be easy to prove. Moreover, contracts must be easy to verify against network policies. In this paper, we propose to combine the security-by-contract (S × C) paradigm with Fog computing to secure IoT devices. Following our previous work, first we formally define the pillars of our proposal. Then, by means of a running case study, we show that we can model communication flows and prevent information leaks. Last, we show that our contribution enables a holistic approach to IoT security, and that it can also prevent unexpected chains of events.

  • 13.
    Giaretta, Alberto
    et al.
    Örebro University, School of Science and Technology.
    Dragoni, Nicola
    Örebro University, School of Science and Technology. DTU Compute Technical University of Denmark, Denmark, Lyngby, Denmark.
    Massacci, Fabio
    Department of Information Sciences and Engineering, University of Trento, Trento, Italy.
    Protecting the Internet of Things with Security-by-Contract and Fog Computing2019In: 2019 IEEE 5th World Forum on Internet of Things (WF-IoT), IEEE , 2019Conference paper (Refereed)
    Abstract [en]

    Nowadays, the Internet of Things (IoT) is a consolidated reality. Smart homes are equipped with a growing number of IoT devices that capture more and more information about human beings lives. However, manufacturers paid little or no attention to security, so that various challenges are still in place. In this paper, we propose a novel approach to secure IoT systems that combines the concept of Security-by-Contract (SxC) with the Fog computing distributed paradigm. We define the pillars of our approach, namely the notions of IoT device contract, Fog node policy and contract-policy matching, the respective life-cycles, and the resulting SxC workflow. To better understand all the concepts of the SxC framework, and highlight its practical feasibility, we use a running case study based on a context-aware system deployed in a real smart home.

  • 14.
    Giaretta, Alberto
    et al.
    Örebro University, School of Science and Technology.
    Dragoni, Nicola
    Örebro University, School of Science and Technology. DTU Compute, Technical University of Denmark, Denmark.
    Massacci, Fabio
    Department of Information Sciences and Engineering, University of Trento, Italy; Vrije Universiteit, Amsterdam, Netherlands.
    S×C4IoT: A Security-by-Contract Framework for Dynamic Evolving IoT DevicesManuscript (preprint) (Other academic)
  • 15.
    Giaretta, Alberto
    et al.
    Örebro University, School of Science and Technology.
    Dragoni, Nicola
    DTU Compute, Technical University of Denmark, Kongens Lyngby, Denmark.
    Massacci, Fabio
    Department of Information Sciences and Engineering, University of Trento, Italy; Vrije Universiteit Amsterdam, Netherlands.
    S×C4IoT: A Security-by-contract Framework for Dynamic Evolving IoT Devices2022In: ACM transactions on sensor networks, ISSN 1550-4867, E-ISSN 1550-4859, Vol. 18, no 1, article id 12Article in journal (Refereed)
    Abstract [en]

    The Internet of Things (IoT) revolutionised the way devices, and human beings, cooperate and interact. The interconnectivity and mobility brought by IoT devices led to extremely variable networks, as well as unpredictable information flows. In turn, security proved to be a serious issue for the IoT, far more serious than it has been in the past for other technologies. We claim that IoT devices need detailed descriptions of their behaviour to achieve secure default configurations, sufficient security configurability, and self-configurability. In this article, we propose S×C4IoT, a framework that addresses these issues by combining two paradigms: Security by Contract (S×C) and Fog computing. First, we summarise the necessary background such as the basic S×C definitions. Then, we describe how devices interact within S×C4IoT and how our framework manages the dynamic evolution that naturally result from IoT devices life-cycles. Furthermore, we show that S×C4IoT can allow legacy S×C-noncompliant devices to participate with an S×C network, we illustrate two different integration approaches, and we show how they fit into S×C4IoT. Last, we implement the framework as a proof-of-concept. We show the feasibility of S×C4IoT and we run different experiments to evaluate its impact in terms of communication and storage space overhead.

    Download full text (pdf)
    S×C4IoT: A Security-by-contract Framework for Dynamic Evolving IoT Devices
  • 16.
    Giaretta, Alberto
    et al.
    Örebro University, School of Science and Technology.
    Dragoni, Nicola
    Örebro University, School of Science and Technology. DTU Compute, Technical University of Denmark, Lyngby, Denmark.
    Mazzara, Manuel
    Innopolis University, Innopolis, Russian Federation.
    Joining Jolie to Docker: Orchestration of Microservices on a Containers-as-a-Service Layer2018In: Proceedings of 5th International Conference in Software Engineering for Defence Applications: SEDA 2016 / [ed] Ciancarini, P.; Litvinov, S.; Messina, A.; Sillitti, A.; Succi, G., Cham: Springer, 2018, p. 167-175Conference paper (Refereed)
    Abstract [en]

    Cloud computing is steadily growing and, as IaaS vendors have started to offer pay-as-you-go billing policies, it is fundamental to achieve as much elasticity as possible, avoiding over-provisioning that would imply higher costs. In this paper, we briefly analyse the orchestration characteristics of PaaSSOA, a proposed architecture already implemented for Jolie microservices, and Kubernetes, one of the various orchestration plugins for Docker; then, we outline similarities and differences of the two approaches, with respect to their own domain of application. Furthermore, we investigate some ideas to achieve a federation of the two technologies, proposing an architectural composition of Jolie microservices on Docker Container-as-a-Service layer.

  • 17.
    Giaretta, Alberto
    et al.
    Örebro University, School of Science and Technology.
    Loutfi, Amy
    Örebro University, School of Science and Technology.
    On the people counting problem in smart homes: undirected graphs and theoretical lower-bounds2023In: Journal of Ambient Intelligence and Humanized Computing, ISSN 1868-5137, E-ISSN 1868-5145, Vol. 14, no 4, p. 3839-3851Article in journal (Refereed)
    Abstract [en]

    Smart homes of the future will have to deal with multi-occupancy scenarios. Multi-occupancy systems entail a preliminary and critical feature: the capability of counting people. This can be fulfilled by means of simple binary sensors, cheaper and more privacy preserving than other sensors, such as cameras. However, it is currently unclear how many people can be counted in a smart home, given the set of available sensors. In this paper, we propose a graph-based technique that allows to map a smart home to an undirected graph G and discover the lower-bound of certainly countable people, also defined as certain count. We prove that every independent set of n vertices of an undirected graph G represents a minimum count of n people. We also prove that the maximum number of certainly countable people corresponds to the maximum independent sets of G, and that the maximal independent sets of G provide every combination of active sensors that ensure different minimum count. Last, we show how to use this technique to identify and optimise suboptimal deployment of sensors, so that the assumptions can be tightened and the theoretical lower-bound improved.

    Download full text (pdf)
    On the people counting problem in smart homes: undirected graphs and theoretical lower‑bounds
  • 18.
    Giaretta, Alberto
    et al.
    Örebro University, School of Science and Technology.
    Pepe, Stefano
    UniquID Inc., San Francisco, USA.
    Dragoni, Nicola
    Örebro University, School of Science and Technology. DTU Compute, Technical University of Denmark, Kongens Lyngby, Denmark.
    UniquID: A Quest to Reconcile Identity Access Management and the IoT2019In: Software Technology: Methods and Tools / [ed] Mazzara M., Bruel JM., Meyer B., Petrenko A., Cham: Springer, 2019, p. 237-251Conference paper (Refereed)
    Abstract [en]

    The Internet of Things (IoT) has caused a revolutionary paradigm shift in computer networking. After decades of human-centered routines, where devices were merely tools that enabled human beings to authenticate themselves and perform activities, we are now dealing with a device-centered paradigm: the devices themselves are actors, not just tools for people. Conventional identity access management (IAM) frameworks were not designed to handle the challenges of IoT. Trying to use traditional IAM systems to reconcile heterogeneous devices and complex federations of online services (e.g., IoT sensors and cloud computing solutions) adds a cumbersome architectural layer that can become hard to maintain and act as a single point of failure. In this paper, we propose UniquID, a blockchain-based solution that overcomes the need for centralized IAM architectures while providing scalability and robustness. We also present the experimental results of a proof-of-concept UniquID enrolment network, and we discuss two different use-cases that show the considerable value of a blockchain-based IAM.

  • 19.
    Herskind, Lasse
    et al.
    DTU Compute, Technical University of Denmark, Kongens Lyngby, Denmark.
    Giaretta, Alberto
    Örebro University, School of Science and Technology.
    De Donno, Michele
    DTU Compute, Technical University of Denmark, Kongens Lyngby, Denmark.
    Dragoni, Nicola
    Örebro University, School of Science and Technology. DTU Compute, Technical University of Denmark, Kongens Lyngby, Denmark.
    BitFlow: Enabling Real‐time Cash‐flow Evaluations through Blockchain2020In: Concurrency and Computation, ISSN 1532-0626, E-ISSN 1532-0634, Vol. 32, no 12, article id e5333Article in journal (Refereed)
    Abstract [en]

    Disbursement registration has always been a cumbersome, opaque, and inefficient process, up to the point that most businesses perform cash-flow evaluations only on a quarterly basis. We believe that automatic cash-flow evaluations can actively mitigate these issues. In this paper, we presentBitFlow, ablockchain-based architecture thatprovides complete cash-flow transparency and diminishes the probability of undetected frauds through the BitKrone, a non-volatile cryptocurrency that maps to the Danish Krone (DKK). We show that confidentiality can be effectively achieved on a permissionless blockchain using Zero-Knowledge proofs, ensuring verifiable transfers and automatic evaluations. Furthermore, we discuss several experiments to evaluate our proposal, in particular, the impact that confidential transactions have on the whole system, in terms of responsiveness and from an economical expenditure perspective.

  • 20.
    Matthíasson, Guðni
    et al.
    Technical University of Denmark (DTU), Department of Applied Mathematics and Computer Science, Kgs. Lyngby, Denmark.
    Giaretta, Alberto
    Örebro University, School of Science and Technology.
    Dragoni, Nicola
    Örebro University, School of Science and Technology. Technical University of Denmark (DTU), Department of Applied Mathematics and Computer Science, Kgs. Lyngby, Denmark.
    IoT Device Profiling: From MUD Files to S×C Contracts2020In: Open Identity Summit 2020 / [ed] Roßnagel, H., Schunck, C. H., Mödersheim, S. & Hühnlein, D., Gesellschaft für Informatik e.V. , 2020, p. 143-154Conference paper (Refereed)
    Abstract [en]

    Security is a serious, and often neglected, issue in the Internet of Things (IoT). In order to improve IoT security, researchers proposed to use Security-by-Contract (S×C), a paradigm originally designed for mobile application platforms. However, S×C assumes that manufacturers equip their devices with security contracts, which makes hard to integrate legacy devices with S×C. In this paper, we explore a method to extract S×C contracts from legacy devices’ Manufacturer Usage Descriptions (MUDs). We tested our solution on 28 different MUD files, and we show that it is possible to create basic S×C contracts, paving the way to complete extraction tools.

  • 21.
    Mazzara, Manuel
    et al.
    Innopolis University, Innopolis University, Innopolis, Russia.
    Dragoni, Nicola
    Örebro University, School of Science and Technology.
    Bucchiarone, Antonio
    DAS Research Unit, FBK-IRST, Trento, Italy.
    Giaretta, Alberto
    Örebro University, School of Science and Technology.
    Larsen, Stephan T.
    Danske Bank A/S, Copenhagen, Denmark.
    Dustdar, Schahram
    Distributed Systems Group (DSG), Information Systems Institute, Vienna University of Technology, Vienna, Austria.
    Microservices: Migration of a Mission Critical System2021In: IEEE Transactions on Services Computing, ISSN 1939-1374, E-ISSN 1939-1374, Vol. 14, no 5, p. 1464-1477Article in journal (Refereed)
    Abstract [en]

    An increasing interest is growing around the idea of microservices and the promise of improving scalability when compared to monolithic systems. Several companies are evaluating pros and cons of a complex migration. In particular, financial institutions are positioned in a difficult situation due to the economic climate and the appearance of agile competitors that can navigate in a more flexible legal framework and started their business since day one with more agile architectures and without being bounded to outdated technological standard. In this paper, we present a real world case study in order to demonstrate how scalability is positively affected by re-implementing a monolithic architecture (MA) into a microservices architecture (MSA). The case study is based on the FX Core system, a mission critical system of Danske Bank, the largest bank in Denmark and one of the leading financial institutions in Northern Europe. The technical problem that has been addressed and solved in this paper is the identification of a repeatable migration process that can be used to convert a real world Monolithic architecture into a Microservices architecture in the specific setting of financial domain, typically characterized by legacy systems and batch-based processing on heterogeneous data sources.

  • 22.
    Pirayesh, Jamshid
    et al.
    Semnan University, Semnan, Iran.
    Giaretta, Alberto
    Örebro University, School of Science and Technology.
    Conti, Mauro
    University of Padova, Padova, Italy.
    Keshavarzi, Parviz
    Semnan University, Semnan, Iran.
    A PLS-HECC-based device authentication and key agreement scheme for smart home networks2022In: Computer Networks, ISSN 1389-1286, E-ISSN 1872-7069, Vol. 216, article id 109077Article in journal (Refereed)
    Abstract [en]

    IoT devices permeate our society, collect personal data, and support critical infrastructures such as the healthcare. Therefore, there is a critical need for authentication and authorization schemes for IoT devices to meet privacy requirements, such as mutual authentication and user anonymity, as well as robustness against security attacks. In this paper, we propose a device authentication and key agreement scheme for IoT networks. Our proposal takes as a model the scheme proposed by Rezai et al., and combines it with a physical layer security technique and a hyper-elliptic curve cryptosystem. Our results show that not only our authentication scheme provides anonymity, mutual authentication, and efficiency, but it also provides resilience to various attacks, including man-in-the-middle, replay, and de-synchronization attacks. Our comparison shows that our scheme performs better than the state-of-the-art in terms of security properties, while adding a small overhead of ≈ 10(ms).

  • 23.
    Ritola, Nicklas
    et al.
    Epiroc Rock Drills AB, Örebro, Sweden; Örebro University, Örebro, Sweden.
    Giaretta, Alberto
    Örebro University, School of Science and Technology.
    Kiselev, Andrey
    Örebro University, School of Science and Technology.
    Operator Identification in a VR-Based Robot Teleoperation Scenario Using Head, Hands, and Eyes Movement Data2023In: Proceedings of the 6th International Workshop on Virtual, Augmented, and Mixed Reality for Human-Robot Interactions (VAM-HRI), 2023, Association for Computing Machinery , 2023Conference paper (Refereed)
    Abstract [en]

    Remote teleoperation using a Virtual Reality (VR) allows users to experience better degrees of immersion and embodiment. Equipped with a variety of sensors, VR headsets have the potential to offer automatic adaptation to users' personal preferences and modes of operation. However, to achieve this goal VR users must be uniquely identifiable. In this paper, we investigate the possibility of identifying VR users teleoperating a simulated robotic arm, by their forms of interaction with the VR environment. In particular, in addition to standard head and eye data, our framework uses hand tracking data provided by a Leap Motion hand-tracking sensor. Our first set of experiments shows that it is possible to identify users with an accuracy close to 100% by aggregating the sessions data and training/testing with a 70/30 split approach. Last, our second set of experiments show that, even by training and testing on separated sessions, it is still possible to identify users with a satisfactory accuracy of 89,23%.

  • 24. Sigurdsson, Gudmundur
    et al.
    Giaretta, Alberto
    Örebro University, School of Science and Technology.
    Dragoni, Nicola
    Örebro University, School of Science and Technology.
    Vulnerabilities and Security Breaches in Cryptocurrencies2020In: Proceedings of 6th International Conference in Software Engineering for Defence Applications / [ed] Ciancarini, P.; Mazzara, M.; Messina, A.; Sillitti, A.; Succi, G., Springer, 2020Conference paper (Refereed)
  • 25.
    Tavella, Federico
    et al.
    Department of Mathematics, University of Padova, Torre Archimede, Padova, Italy.
    Giaretta, Alberto
    Örebro University, School of Science and Technology.
    Conti, Mauro
    Department of Mathematics, University of Padova, Torre Archimede, Padova, Italy.
    Balasubramaniam, Sasitharan
    School of Computing, University of Nebraska-Lincoln, Lincoln, USA.
    A machine learning-based approach to detect threats in bio-cyber DNA storage systems2022In: Computer Communications, ISSN 0140-3664, E-ISSN 1873-703X, Vol. 187, p. 59-70Article in journal (Refereed)
    Abstract [en]

    Data storage is one of the main computing issues of this century. Not only storage devices are converging to strict physical limits, but also the amount of data generated by users is growing at an unbelievable rate. To face these challenges, data centres grew constantly over the past decades. However, this growth comes with a price, particularly from the environmental point of view. Among various promising media, DNA is one of the most fascinating candidate. In our previous work, we have proposed an automated archival architecture which uses bioengineered bacteria to store and retrieve data, previously encoded into DNA. The similarities between biological media and classical ones can be a drawback, as malicious parties might replicate traditional attacks on the former archival system, using biological instruments and techniques. In this paper, first we analyse the main characteristics of our storage system and the different types of attacks that could be executed on it. Then, aiming at identifying on-going attacks, we propose and evaluate detection techniques, which rely on traditional metrics and machine learning algorithms. We identify and adapt two suitable metrics for this purpose, namely generalized entropy and information distance.

  • 26.
    Tavella, Federico
    et al.
    Mathematics, University of Padua, Padua, Italy.
    Giaretta, Alberto
    Örebro University, School of Science and Technology.
    Dooley-Cullinane, Triona Marie
    Department of Science, Waterford Institute of Technology, Waterford, Ireland.
    Conti, Mauro
    Mathematics, University of Padua, Padua, Italy.
    Coffey, Lee
    Department of Science, Waterford Institute of Technology, Waterford, Ireland.
    Balasubramaniam, Sasitharan
    Department of Electronic and Communication Engineering, Tampere University of Technology, Tampere Pirkanmaa, Finland .
    DNA Molecular Storage System: Transferring Digitally Encoded Information through Bacterial Nanonetworks2021In: IEEE Transactions on Emerging Topics in Computing, ISSN 2168-6750, Vol. 9, no 3, p. 1566-1580Article in journal (Refereed)
    Abstract [en]

    Since the birth of computer and networks, fuelled by pervasive computing, Internet of Things and ubiquitous connectivity, the amount of data stored and transmitted has exponentially grown through the years. Due to this demand, new storage solutions are needed. One promising media is the DNA as it provides numerous advantages, which includes the ability to store dense information while achieving long-term reliability. However, the question as to how the data can be retrieved from a DNA-based archive, still remains. In this paper, we aim to address this question by proposing a new storage solution that relies on bacterial nanonetworks properties. Our solution allows digitally-encoded DNA to be stored into motility-restricted bacteria, which compose an archival architecture of clusters, and to be later retrieved by engineered motile bacteria, whenever reading operations are needed. We conducted extensive simulations, in order to determine the reliability of data retrieval from motility-restricted storage clusters, placed spatially at different locations. Aiming to assess the feasibility of our solution, we have also conducted wet lab experiments that show how bacteria nanonetworks can effectively retrieve a simple message, such as "Hello World", by conjugation with motility-restricted bacteria, and finally mobilize towards a target point for delivery.

  • 27.
    Thomsen, Mathias Dahl
    et al.
    DTU Compute, Technical University of Denmark, Kongens Lyngby, Denmark.
    Giaretta, Alberto
    Örebro University, School of Science and Technology.
    Dragoni, Nicola
    Örebro University, School of Science and Technology. DTU Compute, Technical University of Denmark, Kongens Lyngby, Denmark.
    Smart Lamp or Security Camera? Automatic Identification of IoT Devices2021In: Selected Papers from the 12th International Networking Conference / [ed] Ghita, Bogdan; Shiaeles, Stavros, Springer International Publishing , 2021, p. 85-99Conference paper (Refereed)
    Abstract [en]

    The tsunami of connectivity brought by the Internet of Things is rapidly revolutionising several sectors, ranging from industry and manufacturing, to home automation, healthcare and many more. When it comes to enforce security within an IoT network such as a smart home, there is a need to automatically recognise the type of each joining devices, in order to apply the right security policy. In this paper, we propose a method for identifying IoT devices’ types based on natural language processing (NLP), text classification, and web search engines. We implement a proof of concept and we test it against 33 different IoT devices. With a success rate of 88.9% for BACnet and 87.5% for MUD devices, our experiments show that we can efficiently and effectively identify different IoT devices.

  • 28.
    Zhu, Yuhui
    et al.
    Shandong Provincial Key Laboratory of Network Based Intelligent Computing, University of Jinan, China; School of Information Science and Engineering, University of Jinan, China.
    Chen, Zhenxiang
    Shandong Provincial Key Laboratory of Network Based Intelligent Computing, University of Jinan, China; School of Information Science and Engineering, University of Jinan, China.
    Yan, Qiben
    Department of Computer Science and Engineering, Michigan State University, USA.
    Wang, Shanshan
    Shandong Provincial Key Laboratory of Network Based Intelligent Computing, University of Jinan, China; School of Information Science and Engineering, University of Jinan, China.
    Giaretta, Alberto
    Örebro University, School of Science and Technology.
    Li, Enlong
    Shandong Provincial Key Laboratory of Network Based Intelligent Computing, University of Jinan, China; School of Information Science and Engineering, University of Jinan, China.
    Peng, Lizhi
    Shandong Provincial Key Laboratory of Network Based Intelligent Computing, University of Jinan, China; School of Information Science and Engineering, University of Jinan, China.
    Zhao, Chuan
    Shandong Provincial Key Laboratory of Network Based Intelligent Computing, University of Jinan, China; School of Information Science and Engineering, University of Jinan, China.
    Conti, Mauro
    Department of Mathematics, University of Padua, Italy.
    Devils in the Clouds: An Evolutionary Study of Telnet Bot Loaders2023In: ICC 2023 - IEEE International Conference on Communications / [ed] Michele Zorzi; Meixia Tao; Walid Saad, IEEE, 2023, p. 2338-2344Conference paper (Refereed)
    Abstract [en]

    One of the innovations brought by Mirai and its derived malware is the adoption of self-contained loaders for infecting IoT devices and recruiting them in botnets. Functionally decoupled from other botnet components and not embedded in the payload, loaders cannot be analysed using conventional approaches that rely on honeypots for capturing samples. Different approaches are necessary for studying the loaders evolution and defining a genealogy. To address the insufficient knowledge about loaders' lineage in existing studies, in this paper, we propose a semantic-aware method to measure, categorize, and compare different loader servers, with the goal of highlighting their evolution, independent from the payload evolution. Leveraging behavior-based metrics, we cluster the discovered loaders and define eight families to determine the genealogy and draw a homology map. Our study shows that the source code of Mirai is evolving and spawning new botnets with new capabilities, both on the client side and the server side. In turn, shedding light on the infection loaders can help the cybersecurity community to improve detection and prevention tools.

1 - 28 of 28
CiteExportLink to result list
Permanent link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf