Angelo Spognardi

Catch Me (If You Can): Data Survival in Unattended Sensor Networks

Unattended sensor networks operating in hostile environments might collect data that represents a high-value target for the adversary. The unattended sensors inability to off-load - in real time - sensitive data to a safe external entity makes it easy for the adversary to mount a focused attack aimed at eliminating certain target data. In order to facilitate survival of this data, sensors can collectively attempt to confuse the adversary by changing its location and content, i.e., by periodically moving the data around the network and encrypting it. In this paper, we focus on data survival in unattended sensor networks faced with an adversary intent on surgically destroying data which it considers to be of high value. After motivating the problem and considering several attack flavors, we propose several simple techniques and provide their detailed evaluation.

Data Security in Unattended Wireless Sensor Networks

In recent years, wireless sensor networks (WSNs) have been a very popular research topic, offering a treasure trove of systems, networking, hardware, security, and application-related problems. Much of prior research assumes that the WSN is supervised by a constantly present sink and sensors can quickly offload collected data. In this paper, we focus on unattended WSNs (UWSNs) characterized by intermittent sink presence and operation in hostile settings. Potentially lengthy intervals of sink absence offer greatly increased opportunities for attacks resulting in erasure, modification, or disclosure of sensor-collected data. This paper presents an in-depth investigation of security problems unique to UWSNs (including a new adversarial model) and proposes some simple and effective countermeasures for a certain class of attacks.

RoK: A robust key pre-distribution protocol for multi-phase wireless sensor networks

Wireless sensor networks are usually deployed to operate for a long period of time. Because nodes are battery-operated, they eventually run out of power and new nodes need to be periodically deployed to assure network connectivity. This type of networks is referred to as Multi-phase WSN in the literature [1]. Current key pre-distribution schemes, such as [2] and [3], are not adapted to multi-stage WSN. With these schemes, the security of the WSN degrades with time, since the proportion of corrupted links gradually increases. In this paper, we propose a new pre-distribution scheme adapted to multi-phase WSN. In the proposed scheme, the pre-distributed keys have limited lifetimes and are refreshed periodically. As a result, a network that is temporarily attacked (i.e. the attacker is active only during a limited amount of time) automatically self-heals, i.e. recovers its initial state when the attack stops. In contrast, with existing schemes, an attacker that corrupts a certain amount of nodes compromises a given fraction of the total number of secure channels. This ratio remains constant until the end of the network, even if the attacker stops its action. Furthermore, with our scheme, a network that is constantly attacked (i.e. the attacker regularly corrupts nodes of the network, without stopping) is much less impacted than a network that uses existing key pre-distribution protocols. With these schemes, the number of compromised links constantly increases until all the links are compromised. With our proposal, the proportion of compromised links is limited and constant.

Collaborative authentication in unattended WSNs

An unattended wireless sensor network (UWSN) might collect valuable data representing an attractive target for the adversary. Since a sink visits the network infrequently, unattended sensors cannot immediately off-load data to some safe external entity. With sufficient time between sink visits, a powerful mobile adversary can easily compromise sensor-collected data. In this paper, we propose two schemes (CoMAC and ExCo) that leverage sensor co-operation to achieve data authentication. These schemes use standard (and inexpensive) symmetric cryptographic primitives coupled with key evolution and few messages exchange. We provide security analysis for proposed schemes and assess their effectiveness via simulations. We show that proposed schemes cope well with real WSN issues, such as message loss and sensor failure. We also compare the two schemes with respect to robustness and overhead, which allows network designers to carefully select the right scheme and tune appropriate system parameters.

Playing hide-and-seek with a focused mobile adversary in unattended wireless sensor networks

Some sensor network settings involve disconnected or unattended operation with periodic visits by a mobile sink. An unattended sensor network operating in a hostile environment can collect data that represents a high-value target for the adversary. Since an unattended sensor can not immediately off-load sensed data to a safe external entity (such as a sink), the adversary can easily mount a focused attack aiming to erase or modify target data. To maximize chances of data survival, sensors must collaboratively attempt to mislead the adversary and hide the location, the origin, and the contents of collected data. In this paper, we focus on applications of well-known security techniques to maximize chances of data survival in unattended sensor networks, where sensed data can not be off-loaded to a sink in real time. Our investigation yields some interesting insights and surprising results. The highlights of our work are: (1) thorough exploration of the data survival challenge, (2) exploration of the design space for possible solutions, (3) construction of several practical and effective techniques, and (4) their evaluation.

Hacking smart machines with smarter ones: How to extract meaningful data from machine learning classifiers

Machine Learning (ML) algorithms are used to train computers to perform a variety of complex tasks and improve with experience. Computers learn how to recognize patterns, make unintended decisions, or react to a dynamic environment. Certain trained machines may be more effective than others because they are based on more suitable ML algorithms or because they were trained through superior training sets. Although ML algorithms are known and publicly released, training sets may not be reasonably ascertainable and, indeed, may be guarded as trade secrets. While much research has been performed about the privacy of the elements of training sets, in this paper we focus our attention on ML classifiers and on the statistical information that can be unconsciously or maliciously revealed from them. We show that it is possible to infer unexpected but useful information from ML classifiers. In particular, we build a novel meta-classifier and train it to hack other classifiers, obtaining meaningful information about their training sets. This kind of information leakage can be exploited, for example, by a vendor to build more effective classifiers or to simply acquire trade secrets from a competitors apparatus, potentially violating its intellectual property rights.

Fame for sale

Fake followers are those Twitter accounts specifically created to inflate the number of followers of a target account. Fake followers are dangerous for the social platform and beyond, since they may alter concepts like popularity and influence in the Twittersphere-hence impacting on economy, politics, and society. In this paper, we contribute along different dimensions. First, we review some of the most relevant existing features and rules (proposed by Academia and Media) for anomalous Twitter accounts detection. Second, we create a baseline dataset of verified human and fake follower accounts. Such baseline dataset is publicly available to the scientific community. Then, we exploit the baseline dataset to train a set of machine-learning classifiers built over the reviewed rules and features. Our results show that most of the rules proposed by Media provide unsatisfactory performance in revealing fake followers, while features proposed in the past by Academia for spam detection provide good results. Building on the most promising features, we revise the classifiers both in terms of reduction of overfitting and cost for gathering the data needed to compute the features. The final result is a novel Class A classifier, general enough to thwart overfitting, lightweight thanks to the usage of the less costly features, and still able to correctly classify more than 95% of the accounts of the original training set. We ultimately perform an information fusion-based sensitivity analysis, to assess the global sensitivity of each of the features employed by the classifier.The findings reported in this paper, other than being supported by a thorough experimental methodology and interesting on their own, also pave the way for further investigation on the novel issue of fake Twitter followers.

Clone wars: Distributed detection of clone attacks in mobile WSNs

Among security challenges raised by mobile Wireless Sensor Networks, clone attack is particularly dreadful since it makes an adversary able to subvert the behavior of a network just leveraging a few replicas of some previously compromised sensors. In this work, we provide several contributions: first, we introduce two novel realistic adversary models, the vanishing and the persistent adversary, characterized by different compromising capability. We then propose two distributed, efficient, and cooperative protocols to detect replicas: History Information-exchange Protocol (HIP) and its optimized version (HOP). Both HIP and HOP leverage just local (one-hop) communications and node mobility, and differ for the amount of computation required. We study their behavior against the introduced types of attacker, considering two different mobility models and comparing our solutions against the state of the art. Both analysis and simulation results show that our solutions are effective and efficient, providing high detection rate, while incurring limited overhead.

The Paradigm-Shift of Social Spambots: Evidence, Theories, and Tools for the Arms Race

Recent studies in social media spam and automation provide anecdotal argumentation of the rise of a new generation of spambots, so-called social spambots. Here, for the first time, we extensively study this novel phenomenon on Twitter and we provide quantitative evidence that a paradigm-shift exists in spambot design. First, we measure current Twitters capabilities of detecting the new social spambots. Later, we assess the human performance in discriminating between genuine accounts, social spambots, and traditional spambots. Then, we benchmark several state-of-the-art techniques proposed by the academic literature. Results show that neither Twitter, nor humans, nor cutting-edge applications are currently capable of accurately detecting the new social spambots. Our results call for new approaches capable of turning the tide in the fight against this raising phenomenon. We conclude by reviewing the latest literature on spambots detection and we highlight an emerging common research trend based on the analysis of collective behaviors. Insights derived from both our extensive experimental campaign and survey shed light on the most promising directions of research and lay the foundations for the arms race against the novel social spambots. Finally, to foster research on this novel phenomenon, we make publicly available to the scientific community all the datasets used in this study.

DNA-Inspired Online Behavioral Modeling and Its Application to Spambot Detection

A novel, simple, and effective approach to modeling online user behavior extracts and analyzes digital DNA sequences from user online actions and uses Twitter as a benchmark to test the proposal. Specifically, the model obtains an incisive and compact DNA-inspired characterization of user actions. Then, standard DNA analysis techniques discriminate between genuine and spambot accounts on Twitter. An experimental campaign supports the proposal, showing its effectiveness and viability. Although Twitter spambot detection is a specific use case on a specific social media platform, the proposed methodology is platform and technology agnostic, paving the way for diverse behavioral characterization tasks.