Mauro Conti

Smart health: A context-aware health paradigm within smart cities

The new era of mobile health ushered in by the wide adoption of ubiquitous computing and mobile communications has brought opportunities for governments and companies to rethink their concept of healthcare. Simultaneously, the worldwide urbanization process represents a formidable challenge and attracts attention toward cities that are expected to gather higher populations and provide citizens with services in an efficient and human manner. These two trends have led to the appearance of mobile health and smart cities. In this article we introduce the new concept of smart health, which is the context-aware complement of mobile health within smart cities. We provide an overview of the main fields of knowledge that are involved in the process of building this new concept. Additionally, we discuss the main challenges and opportunities that s-Health would imply and provide a common ground for further research.

CRePE: context-related policy enforcement for android

Most of the research work for enforcing security policies on smartphones considered coarse-grained policies, e.g. either to allow an application to run or not. In this paper we present CRePE, the first system that is able to enforce fine-grained policies, e.g. that vary while an application is running, that also depend on the context of the smartphone. A context can be defined by the status of some variables (e.g. location, time, temperature, noise, and light), the presence of other devices, a particular interaction between the user and the smartphone, or a combination of these. CRePE allows context-related policies to be defined either by the user or by trusted third parties. Depending on the authorization, third parties can set a policy on a smartphone at any moment or just when the phone is within a particular context, e.g. within a building, or a plane.

A randomized, efficient, and distributed protocol for the detection of node replication attacks in wireless sensor networks

Wireless sensor networks are often deployed in hostile environments, where anadversary can physically capture some of the nodes. Once a node is captured, the attackercan re-program it and replicate the node in a large number of clones, thus easily taking over the network. The detection of node replication attacks in a wireless sensor network is therefore a fundamental problem. A few distributed solutions have recently been proposed. However, these solutions are not satisfactory. First, they are energy and memory demanding: A serious drawback for any protocol that is to be used in resource constrained environment such as a sensor network. Further, they are vulnerable to specific adversary models introduced in this paper. The contributions of this work are threefold. First, we analyze the desirable properties of a distributed mechanism for the detection of node replication attacks. Second, we show that the known solutions for this problem do not completely meet our requirements. Third, we propose a new Randomized, Efficient, and Distributed (RED) protocol for the detection of node replication attacks and we show that it is completely satisfactory with respect to the requirements. Extensive simulations also show that our protocol is highly efficient in communication, memory, and computation, that it sets out an improved attack detection probability compared to the best solutions in the literature, and that it is resistant to the new kind of attacks we introduce in this paper, while other solutions are not.

Poseidon: Mitigating interest flooding DDoS attacks in Named Data Networking

Content-Centric Networking (CCN) is an emerging networking paradigm being considered as a possible replacement for the current IP-based host-centric Internet infrastructure. CCN focuses on content distribution, which is arguably not well served by IP. Named-Data Networking (NDN) is an example of CCN. NDN is also an active research project under the NSF Future Internet Architectures (FIA) program. FIA emphasizes security and privacy from the outset and by design. To be a viable Internet architecture, NDN must be resilient against current and emerging threats. This paper focuses on distributed denial-of-service (DDoS) attacks; in particular we address interest flooding, an attack that exploits key architectural features of NDN. We show that an adversary with limited resources can implement such attack, having a significant impact on network performance. We then introduce Poseidon: a framework for detecting and mitigating interest flooding attacks. Finally, we report on results of extensive simulations assessing proposed countermeasure.

Android Security: A Survey of Issues, Malware Penetration, and Defenses

Smartphones have become pervasive due to the availability of office applications, Internet, games, vehicle guidance using location-based services apart from conventional services such as voice calls, SMSes, and multimedia services. Android devices have gained huge market share due to the open architecture of Android and the popularity of its application programming interface (APIs) in the developer community. Increased popularity of the Android devices and associated monetary benefits attracted the malware developers, resulting in big rise of the Android malware apps between 2010 and 2014. Academic researchers and commercial antimalware companies have realized that the conventional signature-based and static analysis methods are vulnerable. In particular, the prevalent stealth techniques, such as encryption, code transformation, and environment-aware approaches, are capable of generating variants of known malware. This has led to the use of behavior-, anomaly-, and dynamic-analysis-based methods. Since a single approach may be ineffective against the advanced techniques, multiple complementary approaches can be used in tandem for effective malware detection. The existing reviews extensively cover the smartphone OS security. However, we believe that the security of Android, with particular focus on malware growth, study of antianalysis techniques, and existing detection methodologies, needs an extensive coverage. In this survey, we discuss the Android security enforcement mechanisms, threats to the existing security enforcements and related issues, malware growth timeline between 2010 and 2014, and stealth techniques employed by the malware authors, in addition to the existing detection methods. This review gives an insight into the strengths and shortcomings of the known research methodologies and provides a platform, to the researchers and practitioners, toward proposing the next-generation Android security, analysis, and malware detection techniques.

Secure Data Aggregation in Wireless Sensor Networks

In a large sensor network, in-network data aggregation significantly reduces the amount of communication and energy consumption. Recently, the research community has proposed a robust aggregation framework called synopsis diffusion which combines multipath routing schemes with duplicate-insensitive algorithms to accurately compute aggregates (e.g., predicate Count, Sum) in spite of message losses resulting from node and transmission failures. However, this aggregation framework does not address the problem of false subaggregate values contributed by compromised nodes resulting in large errors in the aggregate computed at the base station, which is the root node in the aggregation hierarchy. This is an important problem since sensor networks are highly vulnerable to node compromises due to the unattended nature of sensor nodes and the lack of tamper-resistant hardware. In this paper, we make the synopsis diffusion approach secure against attacks in which compromised nodes contribute false subaggregate values. In particular, we present a novel lightweight verification algorithm by which the base station can determine if the computed aggregate (predicate Count or Sum) includes any false contribution. Thorough theoretical analysis and extensive simulation study show that our algorithm outperforms other existing approaches. Irrespective of the network size, the per-node communication overhead in our algorithm is O(1).

Distributed Detection of Clone Attacks in Wireless Sensor Networks

Wireless Sensor Networks (WSNs) are often deployed in hostile environments where an adversary can physically capture some of the nodes, first can reprogram, and then, can replicate them in a large number of clones, easily taking control over the network. A few distributed solutions to address this fundamental problem have been recently proposed. However, these solutions are not satisfactory. First, they are energy and memory demanding: A serious drawback for any protocol to be used in the WSN-resource-constrained environment. Further, they are vulnerable to the specific adversary models introduced in this paper. The contributions of this work are threefold. First, we analyze the desirable properties of a distributed mechanism for the detection of node replication attacks. Second, we show that the known solutions for this problem do not completely meet our requirements. Third, we propose a new self-healing, Randomized, Efficient, and Distributed (RED) protocol for the detection of node replication attacks, and we show that it satisfies the introduced requirements. Finally, extensive simulations show that our protocol is highly efficient in communication, memory, and computation; is much more effective than competing solutions in the literature; and is resistant to the new kind of attacks introduced in this paper, while other solutions are not.

Mind how you answer me!: transparently authenticating the user of a smartphone when answering or placing a call

In this paper we propose a new biometric measure to authenticate the user of a smartphone: the movement the user performs when answering (or placing) a phone call. The biometric measure leverages features that are becoming commodities in new smartphones, i.e. accelerometer and orientation sensors. We argue that this new biometric measure has a unique feature. That is, it allows a transparent authentication (not requiring an additional specific interaction for this) to check that the user that is answering (or placing) a phone call is the one authorized to do that. At the same time, this biometric measure can also be used as a non transparent authentication method, e.g. the user may need to move the phone as if answering a call, in order to unlock the phone to get access to SMSs or emails. As a consequence of being a biometric measure, an adversary that spies on the movement (e.g. captures it with a camera) and tries to replicate it, will not be granted access to the phone. We prototyped our solution and conducted several experiments to assess its feasibility. Results show that the method is effective, and the performance is comparable to that of other transparent authentication methods, like face or voice recognition.

Emergent properties: detection of the node-capture attack in mobile wireless sensor networks

One of the most vexing problems in wireless sensor network security is the node capture attack. An adversary can capture a node from the network as the first step for further different types of attacks. For example, the adversary can collect all the cryptographic material stored in the node. Also, the node can be reprogrammed and re-deployed in the network in order to perform malicious activities. To the best of our knowledge no distributed solution has been proposed to detect a node capture in a mobile wireless sensor network. In this paper we propose an efficient and distributed solution to this problem leveraging emergent properties of mobile wireless sensor networks. In particular, we introduce two solutions: SDD, that does not require explicit information exchange between the nodes during the local detection, and CCD, a more sophisticated protocol that uses local node cooperation in addition to mobility to greatly improve performance. We also introduce a benchmark to compare these solutions with. Experimental results demonstrate the feasibility of our proposal. For instance, while the benchmark requires about 9,000 seconds to detect node captures, CDD requires less than 2,000 seconds. These results support our intuition that node mobility, in conjunction with a limited amount of local cooperation, can be used to detect emergent global properties.

Providing Source Location Privacy in Wireless Sensor Networks: A Survey

Wireless sensor networks (WSNs) consist of numerous small nodes that can sense, collect, and disseminate information for many different types of applications. One of these applications is subject tracking and monitoring, in which the monitored subjects often need protection. For instance, a WSN can be deployed to monitor the movement of a panda in a national park. The panda needs protection from different adversaries, such as hunters and poachers. An adversary might trace the messages in the WSN to find the source node that sensed the panda, with the final aim of killing the panda. Hence the question is: how do we hide the location of the source node from the adversary? This question is relevant in several of the scenarios related to this application, such as patient monitoring and battlefield surveillance. In other words, the problem is to provide privacy to the source node: source location privacy. In this paper, we provide a survey of the state of the art in source location privacy. We first discuss the key concepts in source location privacy, such as anonymity, unobservability, safety period, and capture likelihood. Then, we present an overview of the solutions that provide source location privacy within a WSN, in relation to the assumptions about the adversarys capabilities. In particular, we summarize the concepts and solutions, which are categorized based on the core techniques used to provide source location privacy. We mention the limitations of the algorithms as found in the literature, classify the solutions based on their approach, and provide an overview of the assumptions on the adversarial capabilities related to each solution.