Riccardo Pecori

A PKI-free key agreement protocol for P2P VoIP applications

The security of the protocols involved in peer-to-peer communications is becoming a fundamental prerequisite for their widespread diffusion. In this paper, we propose a new protocol for establishing a security association between two peers willing to set up a VoIP or multimedia communication through the standard SIP protocol. Our proposal is based on the MIKEY protocol and the Diffie-Hellman algorithm for key establishment, in a ZRTP like way. Beside this shared-secret-free method, we allow also the authentication via peer certificates without using any centralized PKI. An opportune distributed certificate management is also described. The proposed method has been also implemented and integrated in an open source SIP UA.

A glimpse on big data analytics in the framework of marketing strategies

Mining and analyzing the valuable knowledge hidden behind the amount of data available in social media is becoming a fundamental prerequisite for any effective and successful strategic marketing campaign. Anyway, to the best of our knowledge, a systematic analysis and review of the very recent literature according to a marketing framework is still missing. In this work, we intend to provide, first and foremost, a clear understanding of the main concepts and issues regarding social big data, as well as their features and technologies. Secondly, we focus on marketing, describing an operative methodology to get useful insights from social big data. Then, we carry out a brief but accurate classification of recent use cases from the literature, according to the decision support and the competitive advantages obtained by enterprises whenever they exploit the analytics available from social big data sources. Finally, we outline some open issues and suggestions in order to encourage further research in the field.

S-Kademlia

Peer-to-peer architectures have become very popular in the last years for a variety of services and applications such as collaborative computing, streaming and VoIP applications. The security and integrity of the overlay involved in such networks is a fundamental prerequisite for deploying such a technology. Withstanding multiple false identities in the overlay, also known as a Sybil attack, is one of the main challenges in securing structured peer-to-peer networks. Poisoning routing tables through these identities may make the routing and storage and retrieval processes extremely difficult and time consuming. In this paper we investigate possible countermeasures and propose a novel method for making the routing and the storage and retrieval of resources in a Kademlia network more secure through the use of a combined trust-based algorithm exploiting reputation techniques. Our solution provides a balanced mixing of standard Kademlia algorithms and trust-based algorithms showing promising results in thwarting a Sybil attack in a Kademlia network, in comparison with similar methods as well.

3AKEP: Triple-authenticated key exchange protocol for peer-to-peer VoIP applications

Abstract Peer-to-peer architectures have become very popular in the last years for a variety of services and applications they support, such as collaborative computing, streaming and VoIP applications. The security of the protocols involved in such operations is, however, a fundamental prerequisite for a widespread diffusion of such a technology. In this paper, we focus on the establishment of a security association in a distributed scenario and we propose a new key exchange protocol authenticated through three different methods: i) the verification of a signature, based on the identifier of the remote peer, ii) the use of retained secrets from previously established sessions with the same peer, iii) the exchange of a Short Authentication String through a proper “trusted means”. We also provide a possible implementation for peer-to-peer VoIP applications for setting up secure multimedia communications through the standard SIP protocol. Our proposal does not require pre-shared secrets, trusted third parties, nor a Public Key Infrastructure. In addition, we investigate different ways of distributing cryptographic peer identities in a sort of P2P web-of-trust. The proposed protocols have been also implemented and integrated into an open source SIP User Agent, for functional validation.

Educational Big Data Mining: How to Enhance Virtual Learning Environments

The growing development of virtual learning platforms is boosting a new type of Big Data and of Big Data Stream, those ones that can be labeled as e-learning Big Data. These data, coming from different sources of Virtual Learning Environments, such as communications between students and instructors as well as pupils tests, require accurate analysis and mining techniques in order to retrieve from them fruitful insights. This paper analyzes the main features of current e-learning systems, pointing out their sources of data and the huge amount of information that may be retrieved from them. Moreover, we assess the concept of educational Big Data, suggesting a logical and functional layered model that can turn to be very useful in real life.

A Peer-to-Peer Secure VoIP Architecture

Voice over IP (VoIP) and multimedia real-time communications between two or more parties are widely used over the Internet. The Session Initiation Protocol (SIP) is the current signaling standard for such applications and allows users to establish and negotiate any end-to-end multimedia session. Unfortunately current SIP-based platforms use a centralized architecture where calls between User Agents (UAs) are routed based on static public-reachable proxy servers, suffering of well-known scalability and availability problems. Moreover, security is currently poorly implemented and, when supported, it usually relies on a third-party trust relationship or on a Public Key Infrastructure (PKI). In this work we propose a completely distributed P2P VoIP architecture where calls are routed relying on a Location Service implemented through a Distributed Hash Table (DHT). End-to-end security is also provided without the use of any centralized server or PKI. Secure media sessions are established and authenticated on the basis of previously established sessions or by simple peer’s voice recognition. The proposed architecture has been also implemented and publicly released.

GPU-Based Parallel Search of Relevant Variable Sets in Complex Systems

Various methods have been proposed to identify emergent dynamical structures in complex systems. In this paper, we focus on the Dynamical Cluster Index (DCI), a measure based on information theory which allows one to detect relevant sets, i.e. sets of variables that behave in a coherent and coordinated way while loosely interacting with the rest of the system. The method associates a score to each subset of system variables; therefore, for a thorough analysis of the system, it requires an exhaustive enumeration of all possible subsets. For large systems, the curse of dimensionality makes the problem solvable only using metaheuristics. Even within such approaches, however, DCI computation has to be performed for a huge number of times; thus, an efficient implementation becomes a mandatory requirement. Considering that a candidate relevant set’s DCI can be computed independently of the others, we propose a GPU-based massively parallel implementation of DCI computation. We describe the algorithm’s structure and validate it by assessing the speedup in comparison with a single-thread sequential CPU implementation when analyzing a set of dynamical systems of different sizes.

Trust-based routing for Kademlia in a sybil scenario

Withstanding multiple false identities, also known as a Sybil attack, is one of the main challenges in securing structured peer-to-peer networks. Poisoning routing tables through these identities may make the routing process, needed for storing and retrieving resources within a DHT (Distributed Hash Table), extremely difficult and time consuming. We investigate current possible countermeasures and propose a novel method for making the routing in a Kademlia-based network more secure through the use of a trust-based routing algorithm exploiting reputation techniques. Our solution provides a balanced mixing of correct routing and trusted routing showing promising results in thwarting a Sybil attack in a Kademlia network, also in comparison with similar methods.

A novel approach for internet traffic classification based on multi-objective evolutionary fuzzy classifiers

Internet traffic classification has moved in the last years from traditional port and payload-based approaches towards methods employing statistical measurements and machine learning techniques. Despite the success achieved by these techniques, they are not able to explain the relation between the features, which describe the traffic flow, and the corresponding traffic classes. This relation can be extremely useful to network managers for quickly handling possible network drawback. In this paper, we propose to tackle the traffic classification problem by using multi-objective evolutionary fuzzy classifiers (MOEFCs). MOEFCs are characterised by good trade-offs between accuracy and interpretability. We adopt two Internet traffic datasets extracted from two real-world networks. We discuss the results obtained both by applying a cross validation on each single dataset, and by using a dataset as training set and the other as test set. We show that, in both cases, MOEFCs can achieve satisfactory accuracy in the face of low complexity and, therefore, high interpretability.

A comparison analysis of trust-adaptive approaches to deliver signed public keys in P2P systems

An important and common prerequisite of many asymmetric cryptography systems is the availability of a secure mechanism for exchanging or distributing public keys. In this paper we compare two adaptive trust-based distributed schemes to deliver public keys in a peer-to-peer network. In such a scenario, centralized solutions, for example based on a certification authority or a public key infrastructure, cannot be used. For this reason we considered a completely distributed approach creating a sort of context aware web-of-trust. This is achieved in two different trust-based manners: one considering a classic request-response scheme and another one that exploits a Distributed Hash Table (DHT). We compare performances of both solutions trying to find an optimum trade-off.