-
Monitoring of Underwater Critical Infrastructures: the Nord Stream and Other Recent Case Studies
Authors:
Giovanni Soldi,
Domenico Gaglione,
Simone Raponi,
Nicola Forti,
Enrica d'Afflisio,
Paweł Kowalski,
Leonardo M. Millefiori,
Dimitris Zissis,
Paolo Braca,
Peter Willett,
Alain Maguer,
Sandro Carniel,
Giovanni Sembenini,
Catherine Warner
Abstract:
The explosions on September 26th, 2022, which damaged the gas pipelines of Nord Stream 1 and Nord Stream 2, have highlighted the need and urgency of improving the resilience of Underwater Critical Infrastructures (UCIs). Comprising gas pipelines and power and communication cables, these connect countries worldwide and are critical for the global economy and stability. An attack targeting multiple of such infrastructures simultaneously could potentially cause significant damage and greatly affect various aspects of daily life. Due to the increasing number and continuous deployment of UCIs, existing underwater surveillance solutions, such as Autonomous Underwater Vehicles (AUVs) or Remotely Operated Vehicles (ROVs), are not adequate enough to ensure thorough monitoring. We show that the combination of information from both underwater and above-water surveillance sensors enables achieving Seabed-to-Space Situational Awareness (S3A), mainly thanks to Artificial Intelligence (AI) and Information Fusion (IF) methodologies. These are designed to process immense volumes of information, fused from a variety of sources and generated from monitoring a very large number of assets on a daily basis. The learned knowledge can be used to anticipate future behaviors, identify threats, and determine critical situations concerning UCIs. To illustrate the capabilities and importance of S3A, we consider three events that occurred in the second half of 2022: the aforementioned Nord Stream explosions, the cutoff of the underwater communication cable SHEFA-2 connecting the Shetland Islands and the UK mainland, and the suspicious activity of a large vessel in the Adriatic Sea. Specifically, we provide analyses of the available data, from Automatic Identification System (AIS) and satellite data, integrated with possible contextual information, e.g., bathymetry, weather conditions, and human intelligence.
Submitted 3 February, 2023;
originally announced February 2023.
-
KaFHCa: Key-establishment via Frequency Hopping Collisions
Authors:
Muhammad Usman,
Simone Raponi,
Marwa Qaraqe,
Gabriele Oligeri
Abstract:
The massive deployment of IoT devices being utilized by home automation, industrial and military scenarios demands high security and privacy standards to be achieved through innovative solutions. This paper proposes KaFHCa, a crypto-less protocol that generates shared secret keys by combining random frequency hopping collisions and source indistinguishability independently of the radio channel status. While other solutions tie the secret bit rate generation to the current radio channel conditions, thus becoming impractical in static environments, KaFHCa guarantees almost the same secret bitrate independently of the channel conditions. KaFHCa generates shared secrets through random collisions of the transmitter and the receiver in the radio spectrum, and leverages the fading phenomena to achieve source indistinguishability, thus preventing unauthorized eavesdroppers from inferring the key. The proposed solution is (almost) independent of the adversary position, works under the conservative assumption of channel fading (σ = 8dB), and is capable of generating a secret key of 128 bits with less than 564 transmissions.
Submitted 20 October, 2020; v1 submitted 19 October, 2020;
originally announced October 2020.
-
PAST-AI: Physical-layer Authentication of Satellite Transmitters via Deep Learning
Authors:
Gabriele Oligeri,
Simone Raponi,
Savio Sciancalepore,
Roberto Di Pietro
Abstract:
Physical-layer security is regaining traction in the research community, due to the performance boost introduced by deep learning classification algorithms. This is particularly true for sender authentication in wireless communications via radio fingerprinting. However, previous research efforts mainly focused on terrestrial wireless devices while, to the best of our knowledge, none of the previous work took into consideration satellite transmitters. The satellite scenario is generally challenging because, among others, satellite radio transducers feature non-standard electronics (usually aged and specifically designed for harsh conditions). Moreover, the fingerprinting task is specifically difficult for Low-Earth Orbit (LEO) satellites (like the ones we focus on in this paper) since they orbit at about 800Km from the Earth, at a speed of around 25,000Km/h, thus making the receiver experience a down-link with unique attenuation and fading characteristics. In this paper, we propose PAST-AI, a methodology tailored to authenticate LEO satellites through fingerprinting of their IQ samples, using advanced AI solutions. Our methodology is tested on real data -- more than 100M I/Q samples -- collected from an extensive measurements campaign on the IRIDIUM LEO satellites constellation, lasting 589 hours. Results are striking: we prove that Convolutional Neural Networks (CNN) and autoencoders (if properly calibrated) can be successfully adopted to authenticate the satellite transducers, with an accuracy spanning between 0.8 and 1, depending on prior assumptions. The proposed methodology, the achieved results, and the provided insights, other than being interesting on their own, when associated to the dataset that we made publicly available, will also pave the way for future research in the area.
Submitted 12 October, 2020;
originally announced October 2020.
-
Long-Term Noise Characterization of Narrowband Power Line Communications
Authors:
Simone Raponi,
Javier Hernandez,
Aymen Omri,
Gabriele Oligeri
Abstract:
Noise modeling in power line communications has recently drawn the attention of researchers. However, when characterizing the noise process in narrowband communications, previous works have only focused on small-scale phenomena involving fine-grained details. Nevertheless, the communication link's reliability is also affected by long-term noise phenomena that might affect transfer rates at higher layers as well. This paper addresses the problem of long-term noise characterization for narrowband power line communications and provides a statistical analysis of the long-term trends affecting the noise levels. We present a statistical description of the noise process in the time and frequency domains based on real field measurements in the FCC band (10 kHz - 490 kHz). The collected data comprises more than 1.8 billion samples taken from three different locations over a time period of approximately 10 days. The noise samples have been statistically analyzed by considering stationarity, autocorrelation, and independence. Although our results -- being unprecedented -- are interesting per se, they improve the noise pattern knowledge, thus paving the way for the design and implementation of more robust PLC protocols.
Submitted 1 March, 2021; v1 submitted 31 July, 2020;
originally announced July 2020.
-
Sound of Guns: Digital Forensics of Gun Audio Samples meets Artificial Intelligence
Authors:
Simone Raponi,
Isra Ali,
Gabriele Oligeri
Abstract:
Classifying a weapon based on its muzzle blast is a challenging task that has significant applications in various security and military fields. Most of the existing works rely on ad-hoc deployment of spatially diverse microphone sensors to capture multiple replicas of the same gunshot, which enables accurate detection and identification of the acoustic source. However, carefully controlled setups are difficult to obtain in scenarios such as crime scene forensics, making the aforementioned techniques inapplicable and impractical. We introduce a novel technique that requires zero knowledge about the recording setup and is completely agnostic to the relative positions of both the microphone and shooter. Our solution can identify the category, caliber, and model of the gun, reaching over 90% accuracy on a dataset composed of 3655 samples that are extracted from YouTube videos. Our results demonstrate the effectiveness and efficiency of applying Convolutional Neural Network (CNN) in gunshot classification eliminating the need for an ad-hoc setup while significantly improving the classification performance.
Submitted 1 March, 2021; v1 submitted 15 April, 2020;
originally announced April 2020.
-
Vessels Cybersecurity: Issues, Challenges, and the Road Ahead
Authors:
Maurantonio Caprolu,
Roberto Di Pietro,
Simone Raponi,
Savio Sciancalepore,
Pietro Tedeschi
Abstract:
Vessels cybersecurity is recently gaining momentum, as a result of a few recent attacks on vessels at sea. These recent attacks have shaken the maritime domain, which was thought to be relatively immune to cyber threats. The cited belief is now over, as proved by recent mandates issued by the International Maritime Organization (IMO). According to these regulations, all vessels should be the subject of a cybersecurity risk analysis, and technical controls should be adopted to mitigate the resulting risks. This initiative is laudable since, despite the recent incidents, the vulnerabilities and threats affecting modern vessels are still unclear to operating entities, leaving the potential for dreadful consequences of further attacks just a matter of "when", not "if". In this contribution, we investigate and systematize the major security weaknesses affecting systems and communication technologies adopted in modern vessels. Specifically, we describe the architecture and main features of the different systems, pointing out their main security issues, and specifying how they were exploited by attackers to cause service disruption and relevant financial losses. We also identify a few countermeasures to the introduced attacks. Finally, we highlight a few research challenges to be addressed by industry and academia to strengthen vessels security.
Submitted 4 March, 2020;
originally announced March 2020.
-
Road Traffic Poisoning of Navigation Apps: Threats and Countermeasures
Authors:
Simone Raponi,
Savio Sciancalepore,
Gabriele Oligeri,
Roberto Di Pietro
Abstract:
Assisted-navigation applications have a relevant impact on our daily life. However, technological progress in virtualization technologies and Software-Defined Radios recently enabled new attack vectors, namely, road traffic poisoning. These attacks open up several dreadful scenarios, which are addressed in this contribution by identifying the associated challenges and proposing innovative countermeasures.
Submitted 5 May, 2021; v1 submitted 12 February, 2020;
originally announced February 2020.
-
A Longitudinal Study on Web-sites Password Management (in)Security: Evidence and Remedies
Authors:
Simone Raponi,
Roberto Di Pietro
Abstract:
Single-factor password-based authentication is generally the norm to access on-line Web-sites. While single-factor authentication is well known to be a weak form of authentication, a further concern arises when considering the possibility for an attacker to recover the user passwords by leveraging the loopholes in the password recovery mechanisms. Indeed, the adoption by a Web-site of a poor password management system makes useless even the most robust password chosen by the registered users. In this paper, building on the results of our previous work, we study the possible attacks to on-line password recovery systems analyzing the mechanisms implemented by some of the most popular Web-sites. In detail, we provide several contributions: (i) we revise and detail the attacker model; (ii) we provide an updated analysis with respect to a preliminary study we carried out in December 2017; (iii) we perform a brand new analysis of the current top 200 Alexa's Web-sites of five major EU countries; and, (iv) we propose \sol, a working open-source module that could be adopted by any Web-site to provide registered users with a password recovery mechanism to prevent mail service provider-level attacks. Overall, it is striking to notice how the analyzed Web-sites have made little (if any) effort to become compliant with the GDPR regulation, showing that the objective to have basic user protection mechanisms in place---despite the fines threatened by GDPR---is still far, mainly because of sub-standard security management practices. Finally, it is worth noting that while this study has been focused on EU registered Web-sites, the proposed solution has, instead, general applicability.
Submitted 29 January, 2020; v1 submitted 17 November, 2019;
originally announced November 2019.
-
Cryptomining Makes Noise: a Machine Learning Approach for Cryptojacking Detection
Authors:
Maurantonio Caprolu,
Simone Raponi,
Gabriele Oligeri,
Roberto Di Pietro
Abstract:
A new cybersecurity attack, where an adversary illicitly runs crypto-mining software over the devices of unaware users, is emerging in both the literature and in the wild. This attack, known as cryptojacking, has proved to be very effective given the simplicity of running a crypto-client into a target device. Several countermeasures have recently been proposed, with different features and performance, but all characterized by a host-based architecture. These kinds of solutions, designed to protect the individual user, are not suitable for efficiently protecting a corporate network, especially against insiders. In this paper, we propose a network-based approach to detect and identify crypto-clients activities by solely relying on the network traffic, even when encrypted. First, we provide a detailed analysis of the real network traces generated by three major cryptocurrencies, Bitcoin, Monero, and Bytecoin, considering both the normal traffic and the one shaped by a VPN. Then, we propose Crypto-Aegis, a Machine Learning (ML) based framework built over the results of our investigation, aimed at detecting cryptocurrencies related activities, e.g., pool mining, solo mining, and active full nodes. Our solution achieves a striking 0.96 of F1-score and 0.99 of AUC for the ROC, while enjoying a few other properties, such as device and infrastructure independence. Given the extent and novelty of the addressed threat we believe that our approach, supported by its excellent results, paves the way for further research in this area.
Submitted 28 January, 2020; v1 submitted 21 October, 2019;
originally announced October 2019.
-
BrokenStrokes: On the (in)Security of Wireless Keyboards
Authors:
Gabriele Oligeri,
Savio Sciancalepore,
Simone Raponi,
Roberto Di Pietro
Abstract:
Wireless devices resorting to event-triggered communications have been proved to suffer critical privacy issues, due to the intrinsic leakage associated with radio-frequency (RF) emissions. In this paper, we move the attack frontier forward by proposing BrokenStrokes: an inexpensive, easy to implement, efficient, and effective attack able to detect the typing of a pre-defined keyword by only eavesdropping the communication channel used by the wireless keyboard. BrokenStrokes proves itself to be a particularly dreadful attack: it achieves its goal when the eavesdropping antenna is up to 15 meters from the target keyboard, regardless of the encryption scheme, the communication protocol, the presence of radio noise, and the presence of physical obstacles. While we detail the attack in three current scenarios and discuss its striking performance--its success probability exceeds 90% in normal operating conditions--, we also provide some suggestions on how to mitigate it. The data utilized in this paper have been released as open-source to allow practitioners, industries, and academia to verify our claims and use them as a basis for further developments.
Submitted 21 May, 2020; v1 submitted 9 October, 2019;
originally announced October 2019.
-
A Spark is Enough in a Straw World: a Study of Websites Password Management in the Wild
Authors:
Simone Raponi,
Roberto Di Pietro
Abstract:
The widespread usage of password authentication in online websites leads to an ever-increasing concern, especially when considering the possibility for an attacker to recover the user password by leveraging the loopholes in the password recovery mechanisms. Indeed, if a website adopts a poor password management system, this choice makes useless even the most robust password chosen by its users. In this paper, we first provide a survey of currently adopted password recovery mechanisms. Later, we model an attacker with different capabilities and we show how current password recovery mechanisms can be exploited in our attacker model. Then, we provide a thorough analysis of the password management of some of the Alexa's top 200 websites in different countries, including England, France, Germany, Spain and Italy. Of these 1,000 websites, 722 do not require authentication -- and hence are excluded by our study -- while out of the remaining 278 we focused on 174, since 104 demanded a complex registration procedure. Of these 174, almost 25% of them have critical vulnerabilities, while 44% have some form of vulnerability. Finally, we propose some effective countermeasures and we point out that, by considering the entry into force of the General Data Protection Regulation (GDPR) in May, 2018, most websites are not compliant with the legislation and may incur heavy fines. This study, other than being important on its own since it highlights some severe current vulnerabilities and proposes corresponding remedies, has the potential to also have a relevant impact on the EU industrial ecosystem.
Submitted 24 April, 2018; v1 submitted 19 April, 2018;
originally announced April 2018.