Marco Prandini

A novel approach to on-line status authentication of public-key certificates

The widespread use of public networks, such as the Internet, for the exchange of sensitive data, like legally valid documents and business transactions, poses severe security constraints. The approach relying on public-key certificates certainly represents a valuable solution from the viewpoint of data integrity and authentication. The effectiveness of the approach, however, may be arguable, especially when a trivial strategy is adopted within a public key infrastructure (PKI) to deal with the problem of revoked certificates. This paper presents a novel certificate status handling scheme, based on a purposely-conceived extension of the one-way accumulator (OWA) cryptographic primitive. The distinguishing characteristic of the devised Owa-based Revocation Scheme (ORS) is that it exploits a single directory-signed proof to collectively authenticate the status of all the certificates handled by a certification authority (CA) within a PKI. A thorough investigation on the performance attainable shows that ORS exhibits the same features of the well-known Online Certificate Status Protocol (OCSP) as regards security, scalability and certificate status-updating timeliness, at the same time drastically reducing the directory computational load that, in a high-traffic context, could be nearly unbearable when OCSP is applied.

Efficient certificate status handling within PKIs: an application to public administration services

Public administration has shown a strong interest in digital signature technology as a means for secure and authenticated document exchange, hoping that it will help reduce paper-based transactions with citizens. The main problem posed by this technology is the necessary public-key infrastructure, and in particular certificate status handling. This paper describes the definition and deployment of a Web-based environment suitable for offering administrative services to citizens and for accepting authenticated documents from citizens. The best features of two different certificate status handling schemes, namely CRL and OCSP, have been exploited within this environment to obtain a good balance between security, timeliness and efficiency.

CrowdSensing for smart mobility through a service-oriented architecture

Crowdsensing is a powerful approach to build representations of specific aspects of reality which are of interest for citizens in smart cities, and in particular for people with special needs. In this work, we present an application of the microservice paradigm to create a mobility services platform. By exposing each part of the process as a microservice, we achieve the ability of developing applications as orchestration of available components. Moreover, we leverage the possibility of sharing data between different applications in a controlled environment.

A Service-Oriented Approach to Crowdsensing for Accessible Smart Mobility Scenarios

This work presents an architecture to help designing and deploying smart mobility applications. The proposed solution builds on the experience already matured by the authors in different fields: crowdsourcing and sensing done by users to gather data related to urban barriers and facilities, computation of personalized paths for users with special needs, and integration of open data provided by bus companies to identify the actual accessibility features and estimate the real arrival time of vehicles at stops. In terms of functionality, the first “monolithic” prototype fulfilled the goal of composing the aforementioned pieces of information to support citizens with reduced mobility (users with disabilities and/or elderly people) in their urban movements. In this paper, we describe a service-oriented architecture that exploits the microservices orchestration paradigm to enable the creation of new services and to make the management of the various data sources easier and more effective. The proposed platform exposes standardized interfaces to access data, implements common services to manage metadata associated with them, such as trustworthiness and provenance, and provides an orchestration language to create complex services, naturally mapping their internal workflow to code. The manuscript demonstrates the effectiveness of the approach by means of some case studies.

Integrating Personalized and Accessible Itineraries in MaaS Ecosystems Through Microservices

Mobility is a crucial sector for the livability of urban spaces, both in terms of accessibility for people with disabilities, and in terms of enjoyability by people with different interests. The deep transformation mobility is undergoing, heading towards commoditization of the full spectrum of transportation services, can lead to efficient solutions based on the same principle for all these needs. This paper shows how the approach based on the flexible orchestration of microservices allows to build applications that are, at the same time, more easily suited to the specific needs of different user categories, and more seamlessly integrated in the Mobility as a Service approach to smart mobility.

Public Transportation, IoT, Trust and Urban Habits

The technological compound known as Internet of Things is enabling massive transformations in many fields. In this paper, we deal with one emerging scenario, Mobility as a Service, where the interplay between technical, regulatory and social aspects is intense. We advocate the need for interdisciplinary research, taking into account the different facets of a system which, in summary, aims at improving the quality of urban life by collecting personal data, tracking citizens’ movements, correlating them with many other sources of information, and making the results widely available.

Data security issues in MaaS-enabling platforms

Mobility as a Service takes the concept of XaaS to transportation: a MaaS provider shall merge transport options from different mobility providers, seamlessly handling the whole experience of traveling, from providing information, to travel planning, and payments handling. To effectively support the creation of a market of MaaS providers, we envision the creation of ICT infrastructures based on microservices, a modern and renowned development model that fosters the creation of an ecosystem of reusable components. The flexibility of such platforms is their key advantage, yet it poses many security issues. In this paper, we look at these problems through the lens of our experience on one of such platforms, called SMAll. We classify the most relevant vulnerabilities related to data reliability, integrity, and authenticity, and we investigate directions for their mitigation.

A flexible scheme for on-line public-key certificate status updating and verification

A new on-line method for efficient handling of certificates within public-key infrastructures (PKIs) is presented. The method is based on a purposely-conceived extension of the one-way accumulator (OWA) cryptographic primitive, which permits one to provide an explicit, concise, authenticated and not forgeable information about the revocation status of each certificate. A thorough investigation on the performance attainable shows that the devised method exhibits the same positive features of the well-known on-line certificate status protocol (OCSP) as regards scalability, security and timeliness. Moreover, its peculiar characteristic of collectively authentication via a single directory-signed proof the status of all the certificates handled within a PKI leads to a significant reduction of the directory computational load that, in a high-traffic context, could be nearly unbearable when OCSP is applied.

I want to ride my bicycle: A microservice-based use case for a MaaS architecture

This work presents a use case on multimodal urban paths in a smart mobility context. The proposed solution builds on the experience already matured and developed by the authors in different fields: crowdsourcing and sensing done by users to gather data related to urban barriers and facilities, computation of personalized paths for users with special needs, and integration of open data provided by bus companies to identify the actual accessibility features and estimate the real arrival time of vehicles at stops. In terms of functionality, the first “monolithic” prototype fulfilled the goal of composing the aforementioned pieces of information to support citizens with reduced mobility (users with disabilities and/or elderly people) in their urban movements. In this paper, we describe a service-oriented architecture that exploits the microservices orchestration paradigm to enable the creation of new services and to make the management of the various data sources easier and more effective. The manuscript demonstrates the effectiveness of the approach showing a successful use case of a service that take into account multimodal paths, by involving cyclists, bicycle lanes, and bike sharing services in a urban environments. Such a use case take into account the users interface and interaction mechanisms, which are strongly affected by the context of use.

Insider Threats in Emerging Mobility-as-a-Service Scenarios

Mobility as a Service (MaaS) applies the everything-as-a-service paradigm of Cloud Computing to transportation: a MaaS provider offers to its users the dynamic composition of solutions of different travel agencies into a single, consistent interface. Traditionally, transits and data on mobility belong to a scattered plethora of operators. Thus, we argue that the economic model of MaaS is that of federations of providers, each trading its resources to coordinate multi-modal solutions for mobility. Such flexibility comes with many security and privacy concerns, of which insider threat is one of the most prominent. In this paper, we follow a tiered structure — from individual operators to markets of federated MaaS providers — to classify the potential threats of each tier and propose the appropriate countermeasures, in an effort to mitigate the problems.