42.4 | CR | Jun 1 | Code
I-(OT)^2: A Client-optimal Oblivious Transfer Protocol for IoT Devices
Elia Onofri, Andrea Ciccotelli, Roberto Di Pietro
Oblivious Transfer (OT) is a fundamental cryptographic primitive enabling privacy-preserving computation and constitutes a core building block for secure multi-party computation while supporting a wide range of security-sensitive applications: private information retrieval, zero-knowledge proofs, and password-authenticated key exchange, to cite a few. While recent advances in OT extension have significantly reduced amortised costs, their reliance on batches of random base OTs and substantial pre-computation phases limits their practicality in scenarios where the number of transfers is modest or where communication latency and client-side computation are critical constraints. In such settings, efficient base OT protocols remain both relevant and necessary. In this work, we introduce $I$-$(OT)^2$, a novel base 1-out-of-2 OT protocol grounded in the quadratic residuosity problem, specifically designed to minimise receiver-side computation and interaction. Our construction is particularly appealing on client--server architectures in which the receiver operates on low-power hardware, such as Internet of Things (IoT) devices. Through a lightweight offline pre-computation phase, $I$-$(OT)^2$ shifts the on-transfer computational burden almost entirely to the Sender, while reducing online communication to only six messages and four digests exchanged. We provide a detailed description of the protocol, accompanied by a formal proof of its security. Moreover, to demonstrate the viability of $I$-$(OT)^2$, we also present an open-source proof-of-concept implementation (in C language) evaluated on real IoT hardware. Results are staggering: for 128-bit security using a 3072-bit RSA modulus, the receiver incurs an average online cost per OT as low as 2.80 μs on desktop platforms and 39.90 μs on IoT devices, more than 10$\times$ faster than the well known SimplestOT.
SI | Mar 30, 2023
Demystifying Misconceptions in Social Bots Research
Stefano Cresci, Kai-Cheng Yang, Angelo Spognardi et al.
Research on social bots aims at advancing knowledge and providing solutions to one of the most debated forms of online manipulation. Yet, social bot research is plagued by widespread biases, hyped results, and misconceptions that set the stage for ambiguities, unrealistic expectations, and seemingly irreconcilable findings. Overcoming such issues is instrumental towards ensuring reliable solutions and reaffirming the validity of the scientific method. Here, we discuss a broad set of consequential methodological and conceptual issues that affect current social bots research, illustrating each with examples drawn from recent studies. More importantly, we demystify common misconceptions, addressing fundamental points on how social bots research is discussed. Our analysis surfaces the need to discuss research about online disinformation and manipulation in a rigorous, unbiased, and responsible way. This article bolsters such effort by identifying and refuting common fallacious arguments used by both proponents and opponents of social bots research, as well as providing directions toward sound methodologies for future research.
31.3 | CR | Apr 12 | Code
COD-ssi: Enforcing Mutual Privacy for Credential Oblivious Disclosure in Self Sovereign Identity
Elia Onofri, Andrea De Salve, Paolo Mori et al.
The Self-Sovereign Identity (SSI) paradigm is instrumental for decentralised identity management, allowing an entity to create, manage, and present their digital credentials without relying on centralised authorities. Credential selective disclosure is one of the most attractive privacy-preserving features of SSI, allowing users to reveal only the minimum necessary information from their credentials. However, current selective disclosure mechanisms primarily focus on protecting the privacy of credential Holders, while offering limited protection to the Verifiers of credentials. Indeed, the specific credential information requested by a Verifier can inadvertently reveal to credential Holders sensitive information, including internal decision-making criteria, business rules, or strategic plans. In this work, we address this threat by proposing, to the best of our knowledge, the first approach that enforces mutual privacy in credential exchanges. To this end, we introduce COD-ssi (Claim Oblivious Disclosure for SSI), a novel framework that leverages Oblivious Pseudorandom Functions to allow Verifiers to selectively access a subset of claims without revealing which specific claims were accessed to the credential Holder. The security of our solution is formally verified and its feasibility is assessed through the experimental evaluation of our open-source prototype implementation. These results show that provable mutual privacy in the context of SSI can be achieved with just moderate computational and communication overhead.
LG | Jun 21, 2023
Adversarial Attacks Neutralization via Data Set Randomization
Mouna Rabhi, Roberto Di Pietro
Adversarial attacks on deep-learning models pose a serious threat to their reliability and security. Existing defense mechanisms are narrow, addressing a specific type of attack or being vulnerable to sophisticated attacks. We propose a new defense mechanism that, while being focused on image-based classifiers, is general with respect to the cited category. It is rooted on hyperspace projection. In particular, our solution provides a pseudo-random projection of the original dataset into a new dataset. The proposed defense mechanism creates a set of diverse projected datasets, where each projected dataset is used to train a specific classifier, resulting in different trained classifiers with different decision boundaries. During testing, it randomly selects a classifier to test the input. Our approach does not sacrifice accuracy over legitimate input. Other than detailing and providing a thorough characterization of our defense mechanism, we also provide a proof of concept of using four optimization-based adversarial attacks (PGD, FGSM, IGSM, and C&W) and a generative adversarial attack testing them on the MNIST dataset. Our experimental results show that our solution increases the robustness of deep learning models against adversarial attacks and significantly reduces the attack success rate by at least 89% for optimization attacks and 78% for generative attacks. We also analyze the relationship between the number of used hyperspaces and the efficacy of the defense mechanism. As expected, the two are positively correlated, offering an easy-to-tune parameter to enforce the desired level of security. The generality and scalability of our solution and adaptability to different attack scenarios, combined with the excellent achieved results, other than providing a robust defense against adversarial attacks on deep learning networks, also lay the groundwork for future research in the field.
CL | Feb 16
A Geometric Analysis of Small-sized Language Model Hallucinations
Emanuele Ricco, Elia Onofri, Lorenzo Cima et al.
Hallucinations -- fluent but factually incorrect responses -- pose a major challenge to the reliability of language models, especially in multi-step or agentic settings. This work investigates hallucinations in small-sized LLMs through a geometric perspective, starting from the hypothesis that when models generate multiple responses to the same prompt, genuine ones exhibit tighter clustering in the embedding space. We prove this hypothesis and, leveraging this geometrical insight, we also show that it is possible to achieve a consistent level of separability. This latter result is used to introduce a label-efficient propagation method that classifies large collections of responses from just 30-50 annotations, achieving F1 scores above 90%. Our findings, framing hallucinations from a geometric perspective in the embedding space, complement traditional knowledge-centric and single-response evaluation paradigms, paving the way for further research.
9.2 | CL | May 10
PumpSense: Real-Time Detection and Target Extraction of Crypto Pump-and-Dumps on Telegram
Ahmed Mahrous, Roberto Di Pietro
Cryptocurrency pump-and-dump schemes coordinated via Telegram threaten market integrity. However, existing research addressing this specific threat has not yet produced solutions that combine reliable results with fast response. This is in part due to the absence of publicly available, message-level labeled data, as well as design choices. In this paper, we address both issues. In particular, we introduce a corpus of over 280,000 Telegram posts from 39 pump-organizing groups, all manually reviewed to identify 2,246 pump announcements and their targeted cryptocurrency and exchange. Leveraging this dataset, we define two tasks: real-time pump-announcement detection and target cryptocurrency/exchange extraction. For detection, we compare two machine-learning models: a lightweight tree-based LightGBM classifier (F1=0.79, latency=9.4 s/sample) and a transformer-based BGE-M3 (F1=0.83, latency=50 ms/sample). With our proposed approach, we show that message analysis can achieve near-instant pump detection at the level of individual Telegram message windows. Unlike prior work that relies purely on market data and typically detects pumps tens of seconds after abnormal trading activity is observed, our method operates directly on the coordination messages themselves and can be evaluated in microseconds per window on commodity hardware. To our knowledge, we also establish the first benchmark for manipulated coin and exchange extraction. We demonstrate that traditional rule-based extraction methods, widely relied upon in prior literature, are ineffective due to ticker ambiguity. In contrast, LLMs achieve the highest accuracy with a score of 0.91.
2.4 | CL | May 10
Cross-Cultural Transfer of Emoji Semantics and Sentiment in Financial Social Media
Ahmed Mahrous, Roberto Di Pietro
Emojis are widely used in online financial communication, but it is unclear whether they provide transferable sentiment signals across languages, platforms, and asset communities. This study examines the extent to which emoji usage, semantics, and sentiment polarity remain stable across financial communities, and how these layers influence zero-shot sentiment transfer. Using large corpora of Twitter and StockTwits posts in four languages, we measure cross-community divergence and evaluate sentiment models trained under emoji-only, text-only, and text+emoji inputs. We find that emoji frequencies differ across communities, especially across languages, but their semantics and sentiment polarity are largely stable. Cross-asset transferability shows minimal degradation, while cross-language transfer remains the most challenging. Including emojis consistently reduces transfer gaps relative to text-only models. These results indicate that financial communication exhibits a partially shared "emoji code," and that emojis provide compact, language-independent sentiment cues that improve model generalization across markets and platforms.
CR | Nov 14, 2020 | Code
SpreadMeNot: A Provably Secure and Privacy-Preserving Contact Tracing Protocol
Pietro Tedeschi, Spiridon Bakiras, Roberto Di Pietro
A plethora of contact tracing apps have been developed and deployed in several countries around the world in the battle against Covid-19. However, people are rightfully concerned about the security and privacy risks of such applications. To this end, the contribution of this work is twofold. First, we present an in-depth analysis of the security and privacy characteristics of the most prominent contact tracing protocols, under both passive and active adversaries. The results of our study indicate that all protocols are vulnerable to a variety of attacks, mainly due to the deterministic nature of the underlying cryptographic protocols. Our second contribution is the design and implementation of SpreadMeNot, a novel contact tracing protocol that can defend against most passive and active attacks, thus providing strong (provable) security and privacy guarantees that are necessary for such a sensitive application. Our detailed analysis, both formal and experimental, shows that SpreadMeNot satisfies security, privacy, and performance requirements, hence being an ideal candidate for building a contact tracing solution that can be adopted by the majority of the general public, as well as to serve as an open-source reference for further developments in the field.
AS | May 4, 2020 | Code
Noise2Weight: On Detecting Payload Weight from Drones Acoustic Emissions
Omar Adel Ibrahim, Savio Sciancalepore, Roberto Di Pietro
The increasing popularity of autonomous and remotely-piloted drones have paved the way for several use-cases, e.g., merchandise delivery and surveillance. In many scenarios, estimating with zero-touch the weight of the payload carried by a drone before its physical approach could be attractive, e.g., to provide an early tampering detection. In this paper, we investigate the possibility to remotely detect the weight of the payload carried by a commercial drone by analyzing its acoustic fingerprint. We characterize the difference in the thrust needed by the drone to carry different payloads, resulting in significant variations of the related acoustic fingerprint. We applied the above findings to different use-cases, characterized by different computational capabilities of the detection system. Results are striking: using the Mel-Frequency Cepstral Coefficients (MFCC) components of the audio signal and different Support Vector Machine (SVM) classifiers, we achieved a minimum classification accuracy of 98% in the detection of the specific payload class carried by the drone, using an acquisition time of 0.25 s---performances improve when using longer time acquisitions. All the data used for our analysis have been released as open-source, to enable the community to validate our findings and use such data as a ready-to-use basis for further investigations.
CR | Nov 17, 2019 | Code
A Longitudinal Study on Web-sites Password Management (in)Security: Evidence and Remedies
Simone Raponi, Roberto Di Pietro
Single-factor password-based authentication is generally the norm to access on-line Web-sites. While single-factor authentication is well known to be a weak form of authentication, a further concern arises when considering the possibility for an attacker to recover the user passwords by leveraging the loopholes in the password recovery mechanisms. Indeed, the adoption by a Web-site of a poor password management system makes useless even the most robust password chosen by the registered users. In this paper, building on the results of our previous work, we study the possible attacks to on-line password recovery systems analyzing the mechanisms implemented by some of the most popular Web-sites. In detail, we provide several contributions: (i) we revise and detail the attacker model; (ii) we provide an updated analysis with respect to a preliminary study we carried out in December 2017; (iii) we perform a brand new analysis of the current top 200 Alexa's Web-sites of five major EU countries; and, (iv) we propose \sol, a working open-source module that could be adopted by any Web-site to provide registered users with a password recovery mechanism to prevent mail service provider-level attacks. Overall, it is striking to notice how the analyzed Web-sites have made little (if any) effort to become compliant with the GDPR regulation, showing that the objective to have basic user protection mechanisms in place---despite the fines threatened by GDPR---is still far, mainly because of sub-standard security management practices. Finally, it is worth noting that while this study has been focused on EU registered Web-sites, the proposed solution has, instead, general applicability.
CR | Oct 9, 2019 | Code
BrokenStrokes: On the (in)Security of Wireless Keyboards
Gabriele Oligeri, Savio Sciancalepore, Simone Raponi et al.
Wireless devices resorting to event-triggered communications have been proved to suffer critical privacy issues, due to the intrinsic leakage associated with radio-frequency (RF) emissions. In this paper, we move the attack frontier forward by proposing BrokenStrokes: an inexpensive, easy to implement, efficient, and effective attack able to detect the typing of a pre-defined keyword by only eavesdropping the communication channel used by the wireless keyboard. BrokenStrokes proves itself to be a particularly dreadful attack: it achieves its goal when the eavesdropping antenna is up to 15 meters from the target keyboard, regardless of the encryption scheme, the communication protocol, the presence of radio noise, and the presence of physical obstacles. While we detail the attack in three current scenarios and discuss its striking performance--its success probability exceeds 90% in normal operating conditions--, we also provide some suggestions on how to mitigate it. The data utilized in this paper have been released as open-source to allow practitioners, industries, and academia to verify our claims and use them as a basis for further developments.
CR | Jan 11, 2019 | Code
PiNcH: an Effective, Efficient, and Robust Solution to Drone Detection via Network Traffic Analysis
Savio Sciancalepore, Omar Adel Ibrahim, Gabriele Oligeri et al.
We propose PiNcH, a methodology to detect the presence of a drone, its current status, and its movements by leveraging just the communication traffic exchanged between the drone and its Remote Controller (RC). PiNcH is built applying standard classification algorithms to the eavesdropped traffic, analyzing features such as packets inter-arrival time and size. PiNcH is fully passive and it requires just cheap and general-purpose hardware. To evaluate the effectiveness of our solution, we collected real communication traces originated by a drone running the widespread ArduCopter open-source firmware, currently mounted on-board of a wide range (30+) of commercial amateur drones. We tested our solution against different publicly available wireless traces. The results prove that PiNcH can efficiently and effectively: (i) identify the presence of the drone in several heterogeneous scenarios; (ii) identify the current state of a powered-on drone, i.e., flying or lying on the ground; (iii) discriminate the movements of the drone; and, finally, (iv) enjoy a reduced upper bound on the time required to identify a drone with the requested level of assurance. The effectiveness of PiNcH has been also evaluated in the presence of both heavy packet loss and evasion attacks. In this latter case, the adversary modifies on purpose the profile of the traffic of the drone-RC link to avoid the detection. In both the cited cases, PiNcH continues enjoying a remarkable performance. Further, the comparison against state of the art solution confirms the superior performance of PiNcH in several scenarios. Note that all the drone-controller generated data traces have been released as open-source, to allow replicability and foster follow-up. Finally, the quality and viability of our solution, do prove that network traffic analysis can be successfully adopted for drone identification and status discrimination.
2.7 | CL | May 10
FinMoji: A Framework for Emoji-driven Sentiment Analysis in Financial Social Media
Ahmed Mahrous, Roberto Di Pietro
This paper explores the use of emojis in financial sentiment analysis, focusing on the social media platform StockTwits. Emojis, increasingly prevalent in digital communication, have potential as compact indicators of investor sentiment, which can be critical for predicting market trends. Our study examines whether emojis alone can serve as reliable proxies for financial sentiment and how they compare with traditional text-based analysis. We conduct a series of experiments using logistic regression and transformer models. We further analyze the performance, computational efficiency, and data requirements of emoji-based versus text-based sentiment classification. Using a balanced dataset of about 528,000 emoji-containing StockTwits posts, we find that emoji-only models achieve F1 approximately 0.75, lower than text-emoji combined models, which achieve F1 approximately 0.88, but with far lower computational cost. This is a useful feature in time-sensitive settings such as high-frequency trading. Furthermore, certain emojis and emoji pairs exhibit strong predictive power for market sentiment, demonstrating over 90 percent accuracy in predicting bullish or bearish trends. Finally, our research reveals large statistical differences in emoji usage between financial and general social media contexts, stressing the need for domain-specific sentiment analysis models.
CL | Feb 10, 2025
Hallucination Detection: A Probabilistic Framework Using Embeddings Distance Analysis
Emanuele Ricco, Lorenzo Cima, Roberto Di Pietro
Hallucinations are one of the major issues affecting LLMs, hindering their wide adoption in production systems. While current research solutions for detecting hallucinations are mainly based on heuristics, in this paper we introduce a mathematically sound methodology to reason about hallucination, and leverage it to build a tool to detect hallucinations. To the best of our knowledge, we are the first to show that hallucinated content has structural differences with respect to correct content. To prove this result, we resort to the Minkowski distances in the embedding space. Our findings demonstrate statistically significant differences in the embedding distance distributions, that are also scale free -- they qualitatively hold regardless of the distance norm used and the number of keywords, questions, or responses. We leverage these structural differences to develop a tool to detect hallucinated responses, achieving an accuracy of 66% for a specific configuration of system parameters -- comparable with the best results in the field. In conclusion, the suggested methodology is promising and novel, possibly paving the way for further research in the domain, also along the directions highlighted in our future work.
CV | Sep 18, 2025
PRISM: Phase-enhanced Radial-based Image Signature Mapping framework for fingerprinting AI-generated images
Emanuele Ricco, Elia Onofri, Lorenzo Cima et al.
A critical need has emerged for generative AI: attribution methods. That is, solutions that can identify the model originating AI-generated content. This feature, generally relevant in multimodal applications, is especially sensitive in commercial settings where users subscribe to paid proprietary services and expect guarantees about the source of the content they receive. To address these issues, we introduce PRISM, a scalable Phase-enhanced Radial-based Image Signature Mapping framework for fingerprinting AI-generated images. PRISM is based on a radial reduction of the discrete Fourier transform that leverages amplitude and phase information to capture model-specific signatures. The output of the above process is subsequently clustered via linear discriminant analysis to achieve reliable model attribution in diverse settings, even if the model's internal details are inaccessible. To support our work, we construct PRISM-36K, a novel dataset of 36,000 images generated by six text-to-image GAN- and diffusion-based models. On this dataset, PRISM achieves an attribution accuracy of 92.04%. We additionally evaluate our method on four benchmarks from the literature, reaching an average accuracy of 81.60%. Finally, we evaluate our methodology also in the binary task of detecting real vs fake images, achieving an average accuracy of 88.41%. We obtain our best result on GenImage with an accuracy of 95.06%, whereas the original benchmark achieved 82.20%. Our results demonstrate the effectiveness of frequency-domain fingerprinting for cross-architecture and cross-dataset model attribution, offering a viable solution for enforcing accountability and trust in generative AI systems.
CR | Dec 21, 2021
Satellite-Based Communications Security: A Survey of Threats, Solutions, and Research Challenges
Pietro Tedeschi, Savio Sciancalepore, Roberto Di Pietro
Satellite-based Communication systems are gaining renewed momentum in Industry and Academia, thanks to innovative services introduced by leading tech companies and the promising impact they can deliver towards the global connectivity objective tackled by early 6G initiatives. On the one hand, the emergence of new manufacturing processes and radio technologies promises to reduce service costs while guaranteeing outstanding communication latency, available bandwidth, flexibility, and coverage range. On the other hand, cybersecurity techniques and solutions applied in SATCOM links should be updated to reflect the substantial advancements in attacker capabilities characterizing the last two decades. However, business urgency and opportunities are leading operators towards challenging system trade-offs, resulting in an increased attack surface and a general relaxation of the available security services. In this paper, we tackle the cited problems and present a comprehensive survey on the link-layer security threats, solutions, and challenges faced when deploying and operating SATCOM systems. Specifically, we classify the literature on security for SATCOM systems into two main branches, i.e., physical-layer security and cryptography schemes. Then, we further identify specific research domains for each of the identified branches, focusing on dedicated security issues, including, e.g., physical-layer confidentiality, anti-jamming schemes, anti-spoofing strategies, and quantum-based key distribution schemes. For each of the above domains, we highlight the most essential techniques, peculiarities, advantages, disadvantages, lessons learned, and future directions. Finally, we also identify emerging research topics whose additional investigation by Academia and Industry could further attract researchers and investors, ultimately unleashing the full potential behind ubiquitous satellite communications.
CR | Jul 8, 2021
Serverless Computing: A Security Perspective
Eduard Marin, Diego Perino, Roberto Di Pietro
Serverless Computing is a virtualisation-related paradigm that promises to simplify application management and to solve the last challenges in the field: scale down and easy to use. The implied cost reduction, coupled with a simplified management of underlying applications, are expected to further push the adoption of virtualisation-based solutions, including cloud-computing or telco-cloud solutions. However, in this quest for efficiency, security is not ranked among the top priorities, also because of the (misleading) belief that current solutions developed for virtualised environments could be applied (as is) to this new paradigm. Unfortunately, this is not the case, due to the highlighted idiosyncratic features of serverless computing. In this paper, we review the current serverless architectures, abstract and categorise their founding principles, and provide an in-depth analysis of them from the point of view of security, referring to principles and practices of the cybersecurity domain. In particular, we show the security shortcomings of the analysed serverless architectural paradigms, point to possible countermeasures, and highlight a few research directions.
CR | Mar 17, 2021
A Novel Framework for the Analysis of Unknown Transactions in Bitcoin: Theory, Model, and Experimental Results
Maurantonio Caprolu, Matteo Pontecorvi, Matteo Signorini et al.
Bitcoin (BTC) is probably the most transparent payment network in the world, thanks to the full history of transactions available to the public. Though, Bitcoin is not a fully anonymous environment, rather a pseudonymous one, accounting for a number of attempts to beat its pseudonymity using clustering techniques. There is, however, a recurring assumption in all the cited deanonymization techniques: that each transaction output has an address attached to it. That assumption is false. An evidence is that, as of block height 591,872, there are several million transactions with at least one output for which the Bitcoin Core client cannot infer an address. In this paper, we present a novel approach based on sound graph theory for identifying transaction inputs and outputs. Our solution implements two simple yet innovative features: it does not rely on BTC addresses and explores all the transactions stored in the blockchain. All the other existing solutions fail with respect to one or both of the cited features. In detail, we first introduce the concept of Unknown Transaction and provide a new framework to parse the Bitcoin blockchain by taking them into account. Then, we introduce a theoretical model to detect, study, and classify -- for the first time in the literature -- unknown transaction patterns in the user network. Further, in an extensive experimental campaign, we apply our model to the Bitcoin network to uncover hidden transaction patterns within the Bitcoin user network. Results are striking: we discovered more than 30,000 unknown transaction DAGs, with a few of them exhibiting a complex yet ordered topology and potentially connected to automated payment services. To the best of our knowledge, the proposed framework is the only one that enables a complete study of the unknown transaction patterns, hence enabling further research in the fields -- for which we provide some directions.
CR | Mar 10, 2021
Privacy-Preserving and Sustainable Contact Tracing Using Batteryless Bluetooth Low-Energy Beacons
Pietro Tedeschi, Kang Eun Jeon, James She et al.
Contact tracing is the techno-choice of reference to address the COVID-19 pandemic. Many of the current approaches have severe privacy and security issues and fail to offer a sustainable contact tracing infrastructure. We address these issues introducing an innovative, privacy-preserving, sustainable, and experimentally tested architecture that leverages batteryless BLE beacons.
CR | Oct 12, 2020
PAST-AI: Physical-layer Authentication of Satellite Transmitters via Deep Learning
Gabriele Oligeri, Simone Raponi, Savio Sciancalepore et al.
Physical-layer security is regaining traction in the research community, due to the performance boost introduced by deep learning classification algorithms. This is particularly true for sender authentication in wireless communications via radio fingerprinting. However, previous research efforts mainly focused on terrestrial wireless devices while, to the best of our knowledge, none of the previous work took into consideration satellite transmitters. The satellite scenario is generally challenging because, among others, satellite radio transducers feature non-standard electronics (usually aged and specifically designed for harsh conditions). Moreover, the fingerprinting task is specifically difficult for Low-Earth Orbit (LEO) satellites (like the ones we focus in this paper) since they orbit at about 800Km from the Earth, at a speed of around 25,000Km/h, thus making the receiver experiencing a down-link with unique attenuation and fading characteristics. In this paper, we propose PAST-AI, a methodology tailored to authenticate LEO satellites through fingerprinting of their IQ samples, using advanced AI solutions. Our methodology is tested on real data -- more than 100M I/Q samples -- collected from an extensive measurements campaign on the IRIDIUM LEO satellites constellation, lasting 589 hours. Results are striking: we prove that Convolutional Neural Networks (CNN) and autoencoders (if properly calibrated) can be successfully adopted to authenticate the satellite transducers, with an accuracy spanning between 0.8 and 1, depending on prior assumptions. The proposed methodology, the achieved results, and the provided insights, other than being interesting on their own, when associated to the dataset that we made publicly available, will also pave the way for future research in the area.
NI Jul 23, 2020
IoTrace: A Flexible, Efficient, and Privacy-Preserving IoT-enabled Architecture for Contact Tracing
Pietro Tedeschi, Spiridon Bakiras, Roberto Di Pietro
Contact tracing promises to help fight the spread of Covid-19 via an early detection of possible contagion events. To this end, most existing solutions share the following architecture: smartphones continuously broadcast random beacons that are intercepted by nearby devices and stored into their local contact logs. In this paper, we propose an IoT-enabled architecture for contact tracing that relaxes the smartphone-centric assumption, and provide a solution that enjoys the following features: (i) it reduces the overhead on the end-user to the bare minimum -- the mobile device only broadcasts its beacons; (ii) it provides the user with a degree of privacy not achieved by competing solutions -- even in the most privacy adverse scenario, the solution provides k-anonymity; and, (iii) it is flexible: the same architecture can be configured to support several models -- ranging from the fully decentralized to the fully centralized ones -- and the system parameters can be tuned to support the tracing of several social interaction models. We also highlight open issues and discuss a number of future research directions.
CL Jul 15, 2020
A Survey on Computational Propaganda Detection
Giovanni Da San Martino, Stefano Cresci, Alberto Barron-Cedeno et al.
Propaganda campaigns aim at influencing people's mindset with the purpose of advancing a specific agenda. They exploit the anonymity of the Internet, the micro-profiling ability of social networks, and the ease of automatically creating and managing coordinated networks of accounts, to reach millions of social network users with persuasive messages, specifically targeted to topics each individual user is sensitive to, and ultimately influencing the outcome on a targeted issue. In this survey, we review the state of the art on computational propaganda detection from the perspective of Natural Language Processing and Network Analysis, arguing about the need for combined efforts between these communities. We further discuss current challenges and future research directions.
CR Jun 18, 2020
GNSS Spoofing Detection via Opportunistic IRIDIUM Signals
Gabriele Oligeri, Savio Sciancalepore, Roberto Di Pietro
In this paper, we study the privately owned IRIDIUM satellite constellation, to provide a location service that is independent of the GNSS. In particular, we apply our findings to propose a new GNSS spoofing detection solution, exploiting unencrypted IRIDIUM Ring Alert (IRA) messages that are broadcast by IRIDIUM satellites. We first reverse-engineer many parameters of the IRIDIUM satellite constellation, such as the satellites' speed, packet interarrival times, maximum satellite coverage, satellite pass duration, and the satellite beam constellation, to name a few. Later, we adopt the aforementioned statistics to create a detailed model of the satellite network. Subsequently, we propose a solution to detect unintended deviations of a target user from his path, due to GNSS spoofing attacks. We show that our solution can be used efficiently and effectively to verify the position estimated from standard GNSS satellite constellation, and we provide constraints and parameters to fit several application scenarios. All the results reported in this paper, while showing the quality and viability of our proposal, are supported by real data. In particular, we have collected and analyzed hundreds of thousands of IRA messages, thanks to a measurement campaign lasting several days. All the collected data ($1000+$ hours) have been made available to the research community. Our solution is particularly suitable for unattended scenarios such as deserts, rural areas, or open seas, where standard spoofing detection techniques resorting to crowd-sourcing cannot be used due to deployment limitations. Moreover, contrary to competing solutions, our approach does not resort to physical-layer information, dedicated hardware, or multiple receiving stations, while exploiting only a single receiving antenna and publicly-available IRIDIUM transmissions. Finally, novel research directions are also highlighted.
CR Apr 22, 2020
Security in Energy Harvesting Networks: A Survey of Current Solutions and Research Challenges
Pietro Tedeschi, Savio Sciancalepore, Roberto Di Pietro
The recent advancements in hardware miniaturization capabilities have boosted the diffusion of systems based on Energy Harvesting (EH) technologies, as a means to power embedded wireless devices in a sustainable and low-cost fashion. Despite the undeniable management advantages, the intermittent availability of the energy source and the limited power supply has led to challenging system trade-offs, resulting in an increased attack surface and a general relaxation of the available security services. In this paper, we survey the security issues, applications, techniques, and challenges arising in wireless networks powered via EH technologies. We explore the vulnerabilities of EH networks, and we provide a comprehensive overview of the scientific literature, including attack vectors, cryptography techniques, physical-layer security schemes for data secrecy, and additional physical-layer countermeasures. For each of the identified macro-areas, we compare the scientific contributions across a range of shared features, indicating the pros and cons of the described techniques, the research challenges, and a few future directions. Finally, we also provide an overview of the emerging topics in the area, such as Non-Orthogonal Multiple Access (NOMA) and Rate-Splitting Multiple Access (RSMA) schemes, and Intelligent Reconfigurable Surfaces, that could trigger the interest of industry and academia and unleash the full potential of pervasive EH wireless networks.
CR Mar 4, 2020
Vessels Cybersecurity: Issues, Challenges, and the Road Ahead
Maurantonio Caprolu, Roberto Di Pietro, Simone Raponi et al.
Vessels cybersecurity is recently gaining momentum, as a result of a few recent attacks on vessels at sea. These recent attacks have shaken the maritime domain, which was thought to be relatively immune to cyber threats. The cited belief is now over, as proved by recent mandates issued by the International Maritime Organization (IMO). According to these regulations, all vessels should be the subject of a cybersecurity risk analysis, and technical controls should be adopted to mitigate the resulting risks. This initiative is laudable since, despite the recent incidents, the vulnerabilities and threats affecting modern vessels are still unclear to operating entities, leaving the potential for dreadful consequences of further attacks just a matter of "when", not "if". In this contribution, we investigate and systematize the major security weaknesses affecting systems and communication technologies adopted in modern vessels. Specifically, we describe the architecture and main features of the different systems, pointing out their main security issues, and specifying how they were exploited by attackers to cause service disruption and relevant financial losses. We also identify a few countermeasures to the introduced attacks. Finally, we highlight a few research challenges to be addressed by industry and academia to strengthen vessels security.
CR Feb 14, 2020
MAGNETO: Fingerprinting USB Flash Drives via Unintentional Magnetic Emissions
Omar Adel Ibrahim, Savio Sciancalepore, Gabriele Oligeri et al.
Universal Serial Bus (USB) Flash Drives are nowadays one of the most convenient and diffused means to transfer files, especially when no Internet connection is available. However, USB flash drives are also one of the most common attack vectors used to gain unauthorized access to host devices. For instance, it is possible to replace a USB drive so that when the USB key is connected, it would install password-stealing tools, root-kit software, and other disrupting malware. In such a way, an attacker can steal sensitive information via the USB-connected devices, as well as inject any kind of malicious software into the host. To thwart the above-cited rising threats, we propose MAGNETO, an efficient, non-interactive, and privacy-preserving framework to verify the authenticity of a USB flash drive, rooted in the analysis of its unintentional magnetic emissions. We show that the magnetic emissions radiated during boot operations on a specific host are unique for each device, and sufficient to uniquely fingerprint both the brand and the model of the USB flash drive, or the specific USB device, depending on the used equipment. Our investigation on 59 different USB flash drives---belonging to 17 brands, including the top brands purchased on Amazon in mid-2019---reveals a minimum classification accuracy of 98.2% in the identification of both brand and model, accompanied by a negligible time and computational overhead. MAGNETO can also identify the specific USB Flash drive, with a minimum classification accuracy of 91.2%. Overall, MAGNETO proves that unintentional magnetic emissions can be considered as a viable and reliable means to fingerprint read-only USB flash drives. Finally, future research directions in this domain are also discussed.
CR Feb 12, 2020
Road Traffic Poisoning of Navigation Apps: Threats and Countermeasures
Simone Raponi, Savio Sciancalepore, Gabriele Oligeri et al.
Assisted-navigation applications have a relevant impact on our daily life. However, technological progress in virtualization technologies and Software-Defined Radios recently enabled new attack vectors, namely, road traffic poisoning. These attacks open up several dreadful scenarios, which are addressed in this contribution by identifying the associated challenges and proposing innovative countermeasures.
CR Jan 9, 2020
Short-Range Audio Channels Security: Survey of Mechanisms, Applications, and Research Challenges
Maurantonio Caprolu, Savio Sciancalepore, Roberto Di Pietro
Short-range audio channels have a few distinguishing characteristics: ease of use, low deployment costs, and easy to tune frequencies, to cite a few. Moreover, thanks to their seamless adaptability to the security context, many techniques and tools based on audio signals have been recently proposed. However, while the most promising solutions are turning into valuable commercial products, acoustic channels are increasingly used also to launch attacks against systems and devices, leading to security concerns that could thwart their adoption. To provide a rigorous, scientific, security-oriented review of the field, in this paper we survey and classify methods, applications, and use-cases rooted on short-range audio channels for the provisioning of security services---including Two-Factor Authentication techniques, pairing solutions, device authorization strategies, defense methodologies, and attack schemes. Moreover, we also point out the strengths and weaknesses deriving from the use of short-range audio channels. Finally, we provide open research issues in the context of short-range audio channels security, calling for contributions from both academia and industry.
CR Oct 21, 2019
Cryptomining Makes Noise: a Machine Learning Approach for Cryptojacking Detection
Maurantonio Caprolu, Simone Raponi, Gabriele Oligeri et al.
A new cybersecurity attack, where an adversary illicitly runs crypto-mining software over the devices of unaware users, is emerging in both the literature and in the wild. This attack, known as cryptojacking, has proved to be very effective given the simplicity of running a crypto-client into a target device. Several countermeasures have recently been proposed, with different features and performance, but all characterized by a host-based architecture. This kind of solutions, designed to protect the individual user, are not suitable for efficiently protecting a corporate network, especially against insiders. In this paper, we propose a network-based approach to detect and identify crypto-clients activities by solely relying on the network traffic, even when encrypted. First, we provide a detailed analysis of the real network traces generated by three major cryptocurrencies, Bitcoin, Monero, and Bytecoin, considering both the normal traffic and the one shaped by a VPN. Then, we propose Crypto-Aegis, a Machine Learning (ML) based framework built over the results of our investigation, aimed at detecting cryptocurrencies related activities, e.g., pool mining, solo mining, and active full nodes. Our solution achieves a striking 0.96 of F1-score and 0.99 of AUC for the ROC, while enjoying a few other properties, such as device and infrastructure independence. Given the extent and novelty of the addressed threat we believe that our approach, supported by its excellent results, paves the way for further research in this area.
CR Apr 23, 2019
Foundations, Properties, and Security Applications of Puzzles: A Survey
Isra Mohamed Ali, Maurantonio Caprolu, Roberto Di Pietro
Cryptographic algorithms have been used not only to create robust ciphertexts but also to generate cryptograms that, contrary to the classic goal of cryptography, are meant to be broken. These cryptograms, generally called puzzles, require the use of a certain amount of resources to be solved, hence introducing a cost that is often regarded as a time delay---though it could involve other metrics as well, such as bandwidth. These powerful features have made puzzles the core of many security protocols, acquiring increasing importance in the IT security landscape. The concept of a puzzle has subsequently been extended to other types of schemes that do not use cryptographic functions, such as CAPTCHAs, which are used to discriminate humans from machines. Overall, puzzles have experienced a renewed interest with the advent of Bitcoin, which uses a CPU-intensive puzzle as proof of work. In this paper, we provide a comprehensive study of the most important puzzle construction schemes available in the literature, categorizing them according to several attributes, such as resource type, verification type, and applications. We have redefined the term puzzle by collecting and integrating the scattered notions used in different works, to cover all the existing applications. Moreover, we provide an overview of the possible applications, identifying key requirements and different design approaches. Finally, we highlight the features and limitations of each approach, providing a useful guide for the future development of new puzzle schemes.
NI Sep 24, 2018
SOS - Securing Open Skies
Savio Sciancalepore, Roberto Di Pietro
Automatic Dependent Surveillance - Broadcast (ADS-B) is the next generation communication technology selected for allowing commercial and military aircraft to deliver flight information to both ground base stations and other airplanes. Today, it is already on board 80% of commercial aircraft, and it will become mandatory by 2020 in the US and the EU. ADS-B has been designed without any security consideration --- messages are delivered wirelessly in clear text and they are not authenticated. In this paper we propose Securing Open Skies (SOS), a lightweight and standard-compliant framework for securing ADS-B technology wireless communications. SOS leverages the well-known μTESLA protocol, and includes some modifications necessary to deal with the severe bandwidth constraints of the ADS-B communication technology. In addition, SOS is resilient against message injection attacks, by recurring to majority voting techniques applied on central community servers. Overall, SOS emerges as a lightweight security solution, with a limited bandwidth overhead, that does not require any modification to the hardware already deployed. Further, SOS is standard compliant and able to reject active adversaries aiming at disrupting the correct functioning of the communication system. Finally, comparisons against state-of-the-art solutions do show the superior quality and viability of our solution.
CR Jul 29, 2018
Virtualization Technologies and Cloud Security: advantages, issues, and perspectives
Roberto Di Pietro, Flavio Lombardi
Virtualization technologies allow multiple tenants to share physical resources with a degree of security and isolation that cannot be guaranteed by mere containerization. Further, virtualization allows protected transparent introspection of Virtual Machine activity and content, thus supporting additional control and monitoring. These features provide an explanation, although partial, of why virtualization has been an enabler for the flourishing of cloud services. Nevertheless, security and privacy issues are still present in virtualization technology and hence in Cloud platforms. As an example, even hardware virtualization protection/isolation is far from being perfect and uncircumventable, as recently discovered vulnerabilities show. The objective of this paper is to shed light on current virtualization technology and its evolution from the point of view of security, having as an objective its applications to the Cloud setting.
CR Jul 10, 2018
BAD: Blockchain Anomaly Detection
Matteo Signorini, Matteo Pontecorvi, Wael Kanoun et al.
Anomaly detection tools play a role of paramount importance in protecting networks and systems from unforeseen attacks, usually by automatically recognizing and filtering out anomalous activities. Over the years, different approaches have been designed, all focused on lowering the false positive rate. However, no proposal has addressed attacks targeting blockchain-based systems. In this paper we present BAD: the first Blockchain Anomaly Detection solution. BAD leverages blockchain meta-data, named forks, in order to collect potentially malicious activities in the network/system. BAD enjoys the following features: (i) it is distributed (thus avoiding any central point of failure), (ii) it is tamper-proof (making it impossible for malicious software to remove or to alter its own traces), (iii) it is trusted (any behavioral data is collected and verified by the majority of the network) and (iv) it is private (avoiding any third party to collect/analyze/store sensitive information). Our proposal is validated via both experimental results and theoretical complexity analysis, which highlight the quality and viability of our Blockchain Anomaly Detection solution.
CR Apr 19, 2018
A Spark is Enough in a Straw World: a Study of Websites Password Management in the Wild
Simone Raponi, Roberto Di Pietro
The widespread usage of password authentication in online websites leads to an ever-increasing concern, especially when considering the possibility for an attacker to recover the user password by leveraging the loopholes in the password recovery mechanisms. Indeed, if a website adopts a poor password management system, this choice makes useless even the most robust password chosen by its users. In this paper, we first provide a survey of currently adopted password recovery mechanisms. Later, we model an attacker with different capabilities and we show how current password recovery mechanisms can be exploited in our attacker model. Then, we provide a thorough analysis of the password management of some of the Alexa's top 200 websites in different countries, including England, France, Germany, Spain and Italy. Of these 1,000 websites, 722 do not require authentication -- and hence are excluded by our study -- while out of the remaining 278 we focused on 174, since 104 demanded a complex registration procedure. Of these 174, almost 25% of them have critical vulnerabilities, while 44% have some form of vulnerability. Finally, we propose some effective countermeasures and we point out that, by considering the entry into force of the General Data Protection Regulation (GDPR) in May, 2018, most websites are not compliant with the legislation and may incur heavy fines. This study, other than being important on its own since it highlights some severe current vulnerabilities and proposes corresponding remedies, has the potential to also have a relevant impact on the EU industrial ecosystem.
SI Mar 13, 2017
Social Fingerprinting: detection of spambot groups through DNA-inspired behavioral modeling
Stefano Cresci, Roberto Di Pietro, Marinella Petrocchi et al.
Spambot detection in online social networks is a long-lasting challenge involving the study and design of detection techniques capable of efficiently identifying ever-evolving spammers. Recently, a new wave of social spambots has emerged, with advanced human-like characteristics that allow them to go undetected even by current state-of-the-art algorithms. In this paper, we show that efficient spambot detection can be achieved via an in-depth analysis of their collective behaviors exploiting the digital DNA technique for modeling the behaviors of social network users. Inspired by its biological counterpart, in the digital DNA representation the behavioral lifetime of a digital account is encoded in a sequence of characters. Then, we define a similarity measure for such digital DNA sequences. We build upon digital DNA and the similarity between groups of users to characterize both genuine accounts and spambots. Leveraging such characterization, we design the Social Fingerprinting technique, which is able to discriminate among spambots and genuine accounts in both a supervised and an unsupervised fashion. We finally evaluate the effectiveness of Social Fingerprinting and we compare it with three state-of-the-art detection algorithms. Among the peculiarities of our approach is the possibility to apply off-the-shelf DNA analysis techniques to study online users' behaviors and to efficiently rely on a limited number of lightweight account characteristics.
SI Jan 30, 2016
DNA-inspired online behavioral modeling and its application to spambot detection
Stefano Cresci, Roberto Di Pietro, Marinella Petrocchi et al.
We propose a strikingly novel, simple, and effective approach to model online user behavior: we extract and analyze digital DNA sequences from user online actions and we use Twitter as a benchmark to test our proposal. We obtain an incisive and compact DNA-inspired characterization of user actions. Then, we apply standard DNA analysis techniques to discriminate between genuine and spambot accounts on Twitter. An experimental campaign supports our proposal, showing its effectiveness and viability. To the best of our knowledge, we are the first ones to identify and adapt DNA-inspired techniques to online user behavioral modeling. While Twitter spambot detection is a specific use case on a specific social media, our proposed methodology is platform and technology agnostic, hence paving the way for diverse behavioral characterization tasks.
OS Jan 22, 2016
HyBIS: Windows Guest Protection through Advanced Memory Introspection
Roberto di Pietro, Federico Franzoni, Flavio Lombardi
Effectively protecting the Windows OS is a challenging task, since most implementation details are not publicly known. Windows has always been the main target of malware that has exploited numerous bugs and vulnerabilities. Recent trusted boot and additional integrity checks have rendered the Windows OS less vulnerable to kernel-level rootkits. Nevertheless, guest Windows Virtual Machines are becoming an increasingly interesting attack target. In this work we introduce and analyze a novel Hypervisor-Based Introspection System (HyBIS) we developed for protecting Windows OSes from malware and rootkits. The HyBIS architecture is motivated and detailed, while targeted experimental results show its effectiveness. Comparison with related work highlights main HyBIS advantages such as: effective semantic introspection, support for 64-bit architectures and for latest Windows (8.x and 10), advanced malware disabling capabilities. We believe the research effort reported here will pave the way to further advances in the security of Windows OSes.
SI Sep 14, 2015
Fame for sale: efficient detection of fake Twitter followers
Stefano Cresci, Roberto Di Pietro, Marinella Petrocchi et al.
$\textit{Fake followers}$ are those Twitter accounts specifically created to inflate the number of followers of a target account. Fake followers are dangerous for the social platform and beyond, since they may alter concepts like popularity and influence in the Twittersphere - hence impacting on economy, politics, and society. In this paper, we contribute along different dimensions. First, we review some of the most relevant existing features and rules (proposed by Academia and Media) for anomalous Twitter accounts detection. Second, we create a baseline dataset of verified human and fake follower accounts. Such baseline dataset is publicly available to the scientific community. Then, we exploit the baseline dataset to train a set of machine-learning classifiers built over the reviewed rules and features. Our results show that most of the rules proposed by Media provide unsatisfactory performance in revealing fake followers, while features proposed in the past by Academia for spam detection provide good results. Building on the most promising features, we revise the classifiers both in terms of reduction of overfitting and cost for gathering the data needed to compute the features. The final result is a novel $\textit{Class A}$ classifier, general enough to thwart overfitting, lightweight thanks to the usage of the less costly features, and still able to correctly classify more than 95% of the accounts of the original training set. We ultimately perform an information fusion-based sensitivity analysis, to assess the global sensitivity of each of the features employed by the classifier. The findings reported in this paper, other than being supported by a thorough experimental methodology and interesting on their own, also pave the way for further investigation on the novel issue of fake Twitter followers.
DC Jun 4, 2015
CloRoFor: Cloud Robust Forensics
Roberto Battistoni, Roberto Di Pietro, Flavio Lombardi
The malicious alteration of machine time is a big challenge in computer forensics. Detecting such changes and reconstructing the actual timeline of events is of paramount importance. However, this can be difficult since the attacker has many opportunities and means to hide such changes. In particular, in cloud computing, host and guest machine time can be manipulated in various ways by an attacker. Guest virtual machines are especially vulnerable to attacks coming from their (more privileged) host. As such, it is important to guarantee the timeline integrity of both hosts and guests in a cloud, or at least to ensure that the alteration of such timeline does not go undetected. In this paper we survey the issues related to host and guest machine time integrity in the cloud. Further, we describe a novel architecture for host and guest time alteration detection and correction/resilience with respect to compromised hosts and guests. The proposed framework has been implemented on an especially built simulator. Collected results are evaluated and discussed. Performance figures show the feasibility of our proposal.
CR Jul 22, 2013
Silence is Golden: exploiting jamming and radio silence to communicate
Roberto Di Pietro, Gabriele Oligeri
Jamming techniques require just moderate resources to be deployed, while their effectiveness in disrupting communications is unprecedented. In this paper we introduce several contributions to jamming mitigation. In particular, we introduce a novel adversary model that has both (unlimited) jamming reactive capabilities as well as powerful (but limited) proactive jamming capabilities. Under this powerful but yet realistic adversary model, the communication bandwidth provided by current anti-jamming solutions drops to zero. We then present Silence is Golden (SiG): a novel anti-jamming protocol that, introducing a tunable, asymmetric communication channel, is able to mitigate the adversary capabilities, enabling the parties to communicate. For instance, with SiG it is possible to deliver a 128-bit-long message with a probability greater than 99% in 4096 time slots in the presence of a jammer that jams all the on-the-fly communications and 74% of the silent radio spectrum---while competing proposals simply fail. The provided solution enjoys a thorough theoretical analysis and is supported by extensive experimental results, showing the viability of our proposal.
CR Jun 12, 2013
Mapping the File Systems Genome: rationales, technique, results and applications
Roberto Di Pietro, Luigi V. Mancini, Antonio Villani et al.
This paper provides evidence of a feature of Hard-Disk Drives (HDDs), that we call File System Genome. Such a feature is originated by the areas where (on the HDD) the file blocks are placed by the operating system during the installation procedure. It appears from our study that the File System Genome is a distinctive and unique feature of each individual HDD. In particular, our extensive set of experiments shows that the installation of the same operating system on two identical hardware configurations generates two different File System Genomes. Further, the application of sound information theory tools, such as min entropy, shows that the differences between two File System Genomes are considerably relevant. The results provided in this paper constitute the scientific basis for a number of applications in various fields of information technology, such as forensic identification and security. Finally, this work also paves the way for the application of the highlighted technique to other classes of mass-storage devices (e.g. SSDs, Flash memories).
CR May 31, 2013
CUDA Leaks: Information Leakage in GPU Architectures
Roberto Di Pietro, Flavio Lombardi, Antonio Villani
Graphics Processing Units (GPUs) are deployed on most present server, desktop, and even mobile platforms. Nowadays, a growing number of applications leverage the high parallelism offered by this architecture to speed-up general purpose computation. This phenomenon is called GPGPU computing (General Purpose GPU computing). The aim of this work is to discover and highlight security issues related to CUDA, the most widespread platform for GPGPU computing. In particular, we provide details and proofs-of-concept about a novel set of vulnerabilities CUDA architectures are subject to, that could be exploited to cause severe information leak. Following (detailed) intuitions rooted on sound engineering security, we performed several experiments targeting the last two generations of CUDA devices: Fermi and Kepler. We discovered that these two families do suffer from information leakage vulnerabilities. In particular, some vulnerabilities are shared between the two architectures, while others are idiosyncratic of the Kepler architecture. As a case study, we report the impact of one of these vulnerabilities on a GPU implementation of the AES encryption algorithm. We also suggest software patches and alternative approaches to tackle the presented vulnerabilities. To the best of our knowledge this is the first work showing that information leakage in CUDA is possible using just standard CUDA instructions. We expect our work to pave the way for further research in the field.