
Publications

Featured research published by Moreno Ambrosin.


arXiv: Cryptography and Security | 2015

On the Feasibility of Attribute-Based Encryption on Smartphone Devices

Moreno Ambrosin; Mauro Conti; Tooska Dargahi

Attribute-Based Encryption (ABE) is a powerful cryptographic tool that allows fine-grained access control over data. Due to its features, ABE has been adopted in several applications, such as encrypted storage or access control systems. Recently, researchers argued about the non-acceptable performance of ABE when implemented on mobile devices. Indeed, the non-feasibility of ABE on mobile devices would hinder the deployment of novel protocols and services that could instead exploit the full potential of such devices. However, we believe the conclusion of non-usability was driven by a not-very-efficient implementation. In this paper, we want to shine a light on this concern by studying the feasibility of applying ABE on smartphone devices. In particular, we implemented AndrABEn, an ABE library for the Android operating system. Our library is written in the C language and implements two main ABE schemes: Ciphertext-Policy Attribute-Based Encryption and Key-Policy Attribute-Based Encryption. We also ran a thorough set of experimental evaluations for AndrABEn, and compared it with the current state-of-the-art (considering the same experimental setting). The results confirm the possibility to effectively use ABE on smartphone devices, requiring an acceptable amount of resources in terms of computation and energy consumption. Since the current state-of-the-art claims the non-feasibility of ABE on mobile devices, we believe that our study (together with the AndrABEn library that we made available online) is a key result that will pave the way for researchers and developers to design and implement novel protocols and applications for mobile devices.


Computer and Communications Security | 2016

SANA: Secure and Scalable Aggregate Network Attestation

Moreno Ambrosin; Mauro Conti; Ahmad Ibrahim; Gregory Neven; Ahmad-Reza Sadeghi; Matthias Schunter

Large numbers of smart connected devices, also known as the Internet of Things (IoT), are permeating our environments (homes, factories, cars, and also our body, with wearable devices) to collect data and act on the insight derived. Ensuring software integrity (including OS, apps, and configurations) on such smart devices is then essential to guarantee both privacy and safety. A key mechanism to protect the software integrity of these devices is remote attestation: a process that allows a remote verifier to validate the integrity of the software of a device. This process usually makes use of a signed hash value of the actual device's software, generated by dedicated hardware. While individual device attestation is a well-established technique, to date integrity verification of a very large number of devices remains an open problem, due to scalability issues. In this paper, we present SANA, the first secure and scalable protocol for efficient attestation of large sets of devices that works under realistic assumptions. SANA relies on a novel signature scheme to allow anyone to publicly verify a collective attestation in constant time and space, for a virtually unlimited number of devices. We substantially improve existing swarm attestation schemes by supporting a realistic trust model where: (1) only the targeted devices are required to implement attestation; (2) compromising any device does not harm others; and (3) all aggregators can be untrusted. We implemented SANA and demonstrated its efficiency on tiny sensor devices. Furthermore, we simulated SANA at large scale, to assess its scalability. Our results show that SANA can provide efficient attestation of networks of 1,000,000 devices in only 2.5 seconds.


Computer and Communications Security | 2015

LineSwitch: Efficiently Managing Switch Flow in Software-Defined Networking while Effectively Tackling DoS Attacks

Moreno Ambrosin; Mauro Conti; Fabio De Gaspari; Radha Poovendran

Software Defined Networking (SDN) is a new networking architecture that aims to provide better decoupling between network control (control plane) and data forwarding functionalities (data plane). This separation introduces several benefits, such as a directly programmable and (virtually) centralized network control. However, researchers showed that the required communication channel between the control and data plane of SDN creates a potential bottleneck in the system, introducing new vulnerabilities. Indeed, this behavior could be exploited to mount powerful attacks, such as the control plane saturation attack, that can severely hinder the performance of the whole network. In this paper we present LineSwitch, an efficient and effective solution against the control plane saturation attack. LineSwitch combines SYN proxy techniques and probabilistic blacklisting of network traffic. We implemented LineSwitch as an extension of OpenFlow, the current reference implementation of SDN, and evaluated our solution considering different traffic scenarios (with and without attack). The results of our preliminary experiments confirm that, compared to the state-of-the-art, LineSwitch reduces the time overhead by up to 30%, while ensuring the same level of protection.


IEEE Micro | 2016

On the Feasibility of Attribute-Based Encryption on Internet of Things Devices

Moreno Ambrosin; Arman Anzanpour; Mauro Conti; Tooska Dargahi; Sanaz Rahimi Moosavi; Amir-Mohammad Rahmani; Pasi Liljeberg

The Internet of Things (IoT) is emerging with the pace of technology evolution, connecting people and things through the Internet. IoT devices enable large-scale data collection and sharing for a wide range of applications. However, it is challenging to securely manage interconnected IoT devices because the collected data could contain sensitive personal information. The authors believe that attribute-based encryption (ABE) could be an effective cryptographic tool for secure management of IoT devices. However, little research has addressed ABE's actual feasibility in the IoT thus far. This article investigates such feasibility considering well-known IoT platforms, specifically Intel Galileo Gen 2, Intel Edison, Raspberry Pi 1 Model B, and Raspberry Pi Zero. A thorough evaluation confirms that adopting ABE in the IoT is indeed feasible.


IEEE Communications Surveys and Tutorials | 2017

A Survey on the Security of Stateful SDN Data Planes

Tooska Dargahi; Alberto Caponi; Moreno Ambrosin; Giuseppe Bianchi; Mauro Conti

Software-defined networking (SDN) emerged as an attempt to introduce network innovations faster, and to radically simplify and automate the management of large networks. SDN traditionally leverages OpenFlow as device-level abstraction. Since OpenFlow permits the programmer to "just" abstract a static flow table, any stateful control and processing intelligence is necessarily delegated to the network controller. Motivated by the latency and signaling overhead that comes along with such a two-tiered SDN programming model, in the last couple of years several works have proposed innovative switch-level (data plane) programming abstractions capable of deploying some smartness directly inside the network switches, e.g., in the form of localized stateful flow processing. Furthermore, the possible inclusion of states and state maintenance primitives inside the switches is currently being debated in the OpenFlow standardization community itself. In this paper, after having provided the reader with a background on such emerging stateful SDN data plane proposals, we focus our attention on the security implications that data plane programmability brings about. Also via the identification of potential attack scenarios, we specifically highlight possible vulnerabilities specific to stateful in-switch processing (including denial of service and saturation attacks), which we believe should be carefully taken into consideration in the ongoing design of current and future proposals for stateful SDN data planes.


IEEE/ACM Transactions on Networking | 2017

LineSwitch: Tackling Control Plane Saturation Attacks in Software-Defined Networking

Moreno Ambrosin; Mauro Conti; Fabio De Gaspari; Radha Poovendran

Software defined networking (SDN) is a new networking paradigm that in recent years has revolutionized network architectures. At its core, SDN separates the data plane, which provides data forwarding functionalities, and the control plane, which implements the network control logic. The separation of these two components provides a virtually centralized point of control in the network, and at the same time abstracts the complexity of the underlying physical infrastructure. Unfortunately, while promising, the SDN approach also introduces new attacks and vulnerabilities. Indeed, previous research shows that, under certain traffic conditions, the required communication between the control and data plane can result in a bottleneck. An attacker can exploit this limitation to mount a new, network-wide type of denial of service attack, known as the control plane saturation attack. This paper presents LineSwitch, an efficient and effective data plane solution to tackle the control plane saturation attack. LineSwitch employs probabilistic proxying and blacklisting of network traffic to prevent the attack from reaching the control plane, and thus preserve network functionality. We implemented LineSwitch as an extension of the reference SDN implementation, OpenFlow, and ran a thorough set of experiments under different traffic and attack scenarios. We compared LineSwitch to the state of the art, and we show that it provides, at the same time, the same level of protection against the control plane saturation attack and a reduced time overhead by up to 30%.


European Symposium on Research in Computer Security | 2014

Updaticator: Updating Billions of Devices by an Efficient, Scalable and Secure Software Update Distribution over Untrusted Cache-enabled Networks

Moreno Ambrosin; Christoph Busold; Mauro Conti; Ahmad-Reza Sadeghi; Matthias Schunter

Secure and fast distribution of software updates and patches is essential for improving functionality and security of computer systems. Today, each device downloads updates individually from a software provider distribution server. Unfortunately, this approach does not scale to large systems with billions of devices where the network bandwidth of the server and the local Internet gateway become bottlenecks. Cache-enabled Network (CN) services (either proprietary, as Akamai, or open Content-Distribution Networks) can reduce these bottlenecks. However, they do not offer security guarantees against potentially untrusted CN providers that try to threaten the confidentiality of the updates or the privacy of the users. In this paper, we propose Updaticator, the first protocol for software updates over Cache-enabled Networks that is scalable to billions of concurrent device updates while being secure against malicious networks. We evaluate our proposal considering Named-Data Networking, a novel instance of Cache-enabled overlay Networks. Our analysis and experimental evaluation show that Updaticator removes the bottlenecks of individual device-update distribution, by reducing the network load at the distribution server: from linear in the number of devices to a constant, even if billions of devices are requesting updates. Furthermore, when compared to the state-of-the-art individual device-update mechanisms, the download time with Updaticator is negligible, due to local caching.


Computer and Communications Security | 2014

Covert Ephemeral Communication in Named Data Networking

Moreno Ambrosin; Mauro Conti; Paolo Gasti; Gene Tsudik

In recent years, the growing belief that the current IP-based Internet is becoming obsolete prompted several research efforts that aim to design potential next-generation Internet architectures. Named Data Networking (NDN), an instantiation of the content-centric approach, is one such effort. In contrast with their IP counterparts, NDN routers maintain a significant amount of state information. In this paper, we investigate the use of this feature for covert ephemeral communication (CEC). CEC allows two or more parties to covertly exchange ephemeral messages, i.e., messages that become unavailable after a certain amount of time. Our techniques rely only on network-layer services. This makes our protocols robust, and stealthy communication difficult to detect. We show that users can build high-bandwidth CEC channels by exploiting features unique to NDN: in-network caches, routers' forwarding state, and name matching rules. We assess feasibility and performance of the identified CEC channels using a local setup and the official NDN testbed.


International Conference on Distributed Computing Systems | 2017

An Architectural Vision for a Data-Centric IoT: Rethinking Things, Trust and Clouds

Eve M. Schooler; David Zage; Jeff Sedayao; Hassnaa Moustafa; Andrew Stephen Brown; Moreno Ambrosin

The Internet of Things (IoT) is producing a tidal wave of data, much of it originating at the network edge, from applications with requirements unmet by the traditional back-end Cloud architecture. To address the disruption caused by the overabundance of data, this paper offers a holistic data-centric architectural vision for the data-centric IoT. It advocates that we rethink our approach to the design and definition of key elements: that we shift our focus from Things to Smart Objects; grow Trust organically; and evolve back-end Clouds toward Edge and Fog clouds, which leverage data-centric networks and enable optimal handling of upstream data flows. Along the way, we wax poetic about several blue-sky topics, assess the status of these elements in the context of related work, and identify known gaps in meeting this vision.


Communications and Networking Symposium | 2016

Despicable me(ter): Anonymous and fine-grained metering data reporting with dishonest meters

Moreno Ambrosin; Hossein Hosseini; Kalikinkar Mandal; Mauro Conti; Radha Poovendran

The Advanced Metering Infrastructure (AMI) is a fundamental component of modern Smart Grids, and allows fine-grained and real-time monitoring of the electricity consumption of utility customers. In an AMI, intelligent devices commonly called Smart Meters (SMs) communicate with an operation center for the purpose of management and billing. However, while on one hand this technology has the potential for advanced load balancing and grid management, it poses a threat to customers' privacy. Indeed, an adversary can infer sensitive information about the end users by analyzing the metering data reported by the SMs. In this paper, we present the design of a privacy-preserving AMI for fine-grained metering data collection. We propose a collaborative protocol among SMs that achieves anonymous metering data delivery via a random multi-hop path. Our construction enables a verifier entity to detect any inconsistent behavior from SMs by accessing their internal log. Our scheme is scalable with the number of SMs in the network, and unlike existing methods, does not rely on trusted third parties. We consider an adversarial setting where SMs are either honest-but-curious or controlled by a powerful adversary, whose aim is to deanonymize the received metering data. Finally, we prove that our protocol is secure and computationally efficient for the resource-constrained SM devices.

Collaboration

Top Co-Authors

Fabio De Gaspari, Sapienza University of Rome
Gene Tsudik, University of California
Ahmad-Reza Sadeghi, Technische Universität Darmstadt
Alberto Compagno, Sapienza University of Rome
Silvio Ranise, Fondazione Bruno Kessler