CR, Jun 14, 2018
PADS: Practical Attestation for Highly Dynamic Swarm Topologies
Moreno Ambrosin, Mauro Conti, Riccardo Lazzeretti et al.
Remote attestation protocols are widely used to detect device configuration (e.g., software and/or data) compromise in Internet of Things (IoT) scenarios. Unfortunately, the performance of such protocols is unsatisfactory when dealing with thousands of smart devices. Recently, researchers have been focusing on addressing this limitation. The approach is to run attestation in a collective way, with the goal of reducing computation and communication. Despite these advances, current solutions for attestation are still unsatisfactory because of their complex management and strict assumptions concerning the topology (e.g., being time invariant or maintaining a fixed topology). In this paper, we propose PADS, a secure, efficient, and practical protocol for attesting potentially large networks of smart devices with unstructured or dynamic topologies. PADS builds upon the recent concept of non-interactive attestation, by reducing the collective attestation problem into a minimum consensus one. We compare PADS with a state-of-the-art collective attestation protocol and validate it by using realistic simulations that show practicality and efficiency. The results confirm the suitability of PADS for low-end devices and highly unstructured networks.
CR, Nov 24, 2016
On the Feasibility of Attribute-Based Encryption on Internet of Things Devices
Moreno Ambrosin, Arman Anzanpour, Mauro Conti et al.
Attribute-Based Encryption (ABE) could be an effective cryptographic tool for the secure management of Internet-of-Things (IoT) devices, but its feasibility in the IoT has been under-investigated thus far. This article explores such feasibility for well-known IoT platforms, namely, Intel Galileo Gen 2, Intel Edison, Raspberry Pi 1 Model B, and Raspberry Pi Zero, and concludes that adopting ABE in the IoT is indeed feasible.
CR, Oct 21, 2016
ODIN: Obfuscation-based privacy preserving consensus algorithm for Decentralized Information fusion in smart device Networks
Moreno Ambrosin, Paolo Braca, Mauro Conti et al.
The large spread of sensors and smart devices in urban infrastructures is motivating research in the area of Internet of Things (IoT), to develop new services and improve citizens' quality of life. Sensors and smart devices generate large amounts of measurement data from sensing the environment, which is used to enable services, such as controlling power consumption or traffic density. To deal with such a large amount of information, and provide accurate measurements, service providers can adopt information fusion, which, given the decentralized nature of urban deployments, can be performed by means of consensus algorithms. These algorithms allow distributed agents to (iteratively) compute linear functions on the exchanged data, and take decisions based on the outcome, without the need for the support of a central entity. However, the use of consensus algorithms raises several security concerns, especially when private or security-critical information is involved in the computation. This paper proposes ODIN, a novel algorithm that allows information fusion over encrypted data. ODIN is a privacy-preserving extension of the popular consensus gossip algorithm that prevents distributed agents from having direct access to the data while they iteratively reach consensus; agents cannot access even the final consensus value, but can only retrieve partial information, e.g., a binary decision. ODIN uses efficient additive obfuscation and proxy re-encryption during the update steps, and Garbled Circuits to take final decisions on the obfuscated consensus. We discuss the security of our proposal, and show its practicability and efficiency on real-world resource-constrained devices, developing a prototype implementation for Raspberry Pi devices.
CR, Apr 2, 2015
On the Feasibility of Attribute-Based Encryption on Smartphone Devices
Moreno Ambrosin, Mauro Conti, Tooska Dargahi
Attribute-Based Encryption (ABE) is a powerful cryptographic tool that allows fine-grained access control over data. Due to its features, ABE has been adopted in several applications, such as encrypted storage or access control systems. Recently, researchers argued about the non-acceptable performance of ABE when implemented on mobile devices. Indeed, the non-feasibility of ABE on mobile devices would hinder the deployment of novel protocols and services--that could instead exploit the full potential of such devices. However, we believe the conclusion of non-usability was driven by a not very efficient implementation. In this paper, we want to shine a light on this concern by studying the feasibility of applying ABE on smartphone devices. In particular, we implemented AndrABEn, an ABE library for the Android operating system. Our library is written in the C language and implements two main ABE schemes: Ciphertext-Policy Attribute-Based Encryption, and Key-Policy Attribute-Based Encryption. We also run a thorough set of experimental evaluations for AndrABEn, and compare it with the current state-of-the-art (considering the same experimental setting). The results confirm the possibility to effectively use ABE on smartphone devices, requiring an acceptable amount of resources in terms of computations and energy consumption. Since the current state-of-the-art claims the non-feasibility of ABE on mobile devices, we believe that our study (together with the AndrABEn library that we made available online) is a key result that will pave the way for researchers and developers to design and implement novel protocols and applications for mobile devices.
CR, Nov 11, 2013
Covert Ephemeral Communication in Named Data Networking
Moreno Ambrosin, Mauro Conti, Paolo Gasti et al.
In the last decade, there has been a growing realization that the current Internet Protocol is reaching the limits of its senescence. This has prompted several research efforts that aim to design potential next-generation Internet architectures. Named Data Networking (NDN), an instantiation of the content-centric approach to networking, is one such effort. In contrast with IP, NDN routers maintain a significant amount of user-driven state. In this paper we investigate how to use this state for covert ephemeral communication (CEC). CEC allows two or more parties to covertly exchange ephemeral messages, i.e., messages that become unavailable after a certain amount of time. Our techniques rely only on network-layer, rather than application-layer, services. This makes our protocols robust, and communication difficult to uncover. We show that users can build high-bandwidth CECs exploiting features unique to NDN: in-network caches, routers' forwarding state and name matching rules. We assess feasibility and performance of the proposed covert channels using a local setup and the official NDN testbed.