-
$A^2RID$ -- Anonymous Direct Authentication and Remote Identification of Commercial Drones
Authors:
Eva Wisse,
Pietro Tedeschi,
Savio Sciancalepore,
Roberto Di Pietro
Abstract:
The recent worldwide introduction of RemoteID (RID) regulations forces all Unmanned Aircrafts (UAs), a.k.a. drones, to broadcast in plaintext on the wireless channel their identity and real-time location, for accounting and monitoring purposes. Although improving drones' monitoring and situational awareness, the RID rule also generates significant privacy concerns for UAs' operators, threatened by…
▽ More
The recent worldwide introduction of RemoteID (RID) regulations forces all Unmanned Aircrafts (UAs), a.k.a. drones, to broadcast in plaintext on the wireless channel their identity and real-time location, for accounting and monitoring purposes. Although improving drones' monitoring and situational awareness, the RID rule also generates significant privacy concerns for UAs' operators, threatened by the ease of tracking of UAs and related confidentiality and privacy concerns connected with the broadcasting of plaintext identity information. In this paper, we propose $A^2RID$, a protocol suite for anonymous direct authentication and remote identification of heterogeneous commercial UAs. $A^2RID$ integrates and adapts protocols for anonymous message signing to work in the UA domain, co** with the constraints of commercial drones and the tight real-time requirements imposed by the RID regulation. Overall, the protocols in the $A^2RID$ suite allow a UA manufacturer to pick the configuration that best suits the capabilities and constraints of the drone, i.e., either a processing-intensive but memory-lightweight solution (namely, $CS-A^2RID$) or a computationally-friendly but memory-hungry approach (namely, $DS-A^2RID$). Besides formally defining the protocols and formally proving their security in our setting, we also implement and test them on real heterogeneous hardware platforms, i.e., the Holybro X-500 and the ESPcopter, releasing open-source the produced code. For all the protocols, we demonstrated experimentally the capability of generating anonymous RemoteID messages well below the time bound of $1$ second required by RID, while at the same time having quite a limited impact on the energy budget of the drone.
△ Less
Submitted 1 February, 2023; v1 submitted 21 October, 2022;
originally announced October 2022.
-
URANUS: Radio Frequency Tracking, Classification and Identification of Unmanned Aircraft Vehicles
Authors:
Domenico Lofù,
Pietro Di Gennaro,
Pietro Tedeschi,
Tommaso Di Noia,
Eugenio Di Sciascio
Abstract:
Safety and security issues for Critical Infrastructures are growing as attackers adopt drones as an attack vector flying in sensitive airspaces, such as airports, military bases, city centers, and crowded places. Despite the use of UAVs for logistics, ship** recreation activities, and commercial applications, their usage poses severe concerns to operators due to the violations and the invasions…
▽ More
Safety and security issues for Critical Infrastructures are growing as attackers adopt drones as an attack vector flying in sensitive airspaces, such as airports, military bases, city centers, and crowded places. Despite the use of UAVs for logistics, ship** recreation activities, and commercial applications, their usage poses severe concerns to operators due to the violations and the invasions of the restricted airspaces. A cost-effective and real-time framework is needed to detect the presence of drones in such cases. In this contribution, we propose an efficient radio frequency-based detection framework called URANUS. We leverage real-time data provided by the Radio Frequency/Direction Finding system, and radars in order to detect, classify and identify drones (multi-copter and fixed-wings) invading no-drone zones. We adopt a Multilayer Perceptron neural network to identify and classify UAVs in real-time, with $90$% accuracy. For the tracking task, we use a Random Forest model to predict the position of a drone with an MSE $\approx0.29$, MAE $\approx0.04$, and $R^2\approx 0.93$. Furthermore, coordinate regression is performed using Universal Transverse Mercator coordinates to ensure high accuracy. Our analysis shows that URANUS is an ideal framework for identifying, classifying, and tracking UAVs that most Critical Infrastructure operators can adopt.
△ Less
Submitted 15 November, 2023; v1 submitted 13 July, 2022;
originally announced July 2022.
-
Satellite-Based Communications Security: A Survey of Threats, Solutions, and Research Challenges
Authors:
Pietro Tedeschi,
Savio Sciancalepore,
Roberto Di Pietro
Abstract:
Satellite-based Communication systems are gaining renewed momentum in Industry and Academia, thanks to innovative services introduced by leading tech companies and the promising impact they can deliver towards the global connectivity objective tackled by early 6G initiatives. On the one hand, the emergence of new manufacturing processes and radio technologies promises to reduce service costs while…
▽ More
Satellite-based Communication systems are gaining renewed momentum in Industry and Academia, thanks to innovative services introduced by leading tech companies and the promising impact they can deliver towards the global connectivity objective tackled by early 6G initiatives. On the one hand, the emergence of new manufacturing processes and radio technologies promises to reduce service costs while guaranteeing outstanding communication latency, available bandwidth, flexibility, and coverage range. On the other hand, cybersecurity techniques and solutions applied in SATCOM links should be updated to reflect the substantial advancements in attacker capabilities characterizing the last two decades. However, business urgency and opportunities are leading operators towards challenging system trade-offs, resulting in an increased attack surface and a general relaxation of the available security services. In this paper, we tackle the cited problems and present a comprehensive survey on the link-layer security threats, solutions, and challenges faced when deploying and operating SATCOM systems.Specifically, we classify the literature on security for SATCOM systems into two main branches, i.e., physical-layer security and cryptography schemes.Then, we further identify specific research domains for each of the identified branches, focusing on dedicated security issues, including, e.g., physical-layer confidentiality, anti-jamming schemes, anti-spoofing strategies, and quantum-based key distribution schemes. For each of the above domains, we highlight the most essential techniques, peculiarities, advantages, disadvantages, lessons learned, and future directions.Finally, we also identify emerging research topics whose additional investigation by Academia and Industry could further attract researchers and investors, ultimately unleashing the full potential behind ubiquitous satellite communications.
△ Less
Submitted 29 July, 2022; v1 submitted 21 December, 2021;
originally announced December 2021.
-
Privacy-Preserving and Sustainable Contact Tracing Using Batteryless Bluetooth Low-Energy Beacons
Authors:
Pietro Tedeschi,
Kang Eun Jeon,
James She,
Simon Wong,
Spiridon Bakiras,
Roberto Di Pietro
Abstract:
Contact tracing is the techno-choice of reference to address the COVID-19 pandemic. Many of the current approaches have severe privacy and security issues and fail to offer a sustainable contact tracing infrastructure. We address these issues introducing an innovative, privacy-preserving, sustainable, and experimentally tested architecture that leverages batteryless BLE beacons.
Contact tracing is the techno-choice of reference to address the COVID-19 pandemic. Many of the current approaches have severe privacy and security issues and fail to offer a sustainable contact tracing infrastructure. We address these issues introducing an innovative, privacy-preserving, sustainable, and experimentally tested architecture that leverages batteryless BLE beacons.
△ Less
Submitted 21 December, 2021; v1 submitted 10 March, 2021;
originally announced March 2021.
-
SpreadMeNot: A Provably Secure and Privacy-Preserving Contact Tracing Protocol
Authors:
Pietro Tedeschi,
Spiridon Bakiras,
Roberto Di Pietro
Abstract:
A plethora of contact tracing apps have been developed and deployed in several countries around the world in the battle against Covid-19. However, people are rightfully concerned about the security and privacy risks of such applications. To this end, the contribution of this work is twofold. First, we present an in-depth analysis of the security and privacy characteristics of the most prominent co…
▽ More
A plethora of contact tracing apps have been developed and deployed in several countries around the world in the battle against Covid-19. However, people are rightfully concerned about the security and privacy risks of such applications. To this end, the contribution of this work is twofold. First, we present an in-depth analysis of the security and privacy characteristics of the most prominent contact tracing protocols, under both passive and active adversaries. The results of our study indicate that all protocols are vulnerable to a variety of attacks, mainly due to the deterministic nature of the underlying cryptographic protocols. Our second contribution is the design and implementation of SpreadMeNot, a novel contact tracing protocol that can defend against most passive and active attacks, thus providing strong (provable) security and privacy guarantees that are necessary for such a sensitive application. Our detailed analysis, both formal and experimental, shows that SpreadMeNot satisfies security, privacy, and performance requirements, hence being an ideal candidate for building a contact tracing solution that can be adopted by the majority of the general public, as well as to serve as an open-source reference for further developments in the field.
△ Less
Submitted 12 January, 2021; v1 submitted 14 November, 2020;
originally announced November 2020.
-
Water Quality Prediction on a Sigfox-compliant IoT Device: The Road Ahead of WaterS
Authors:
Pietro Boccadoro,
Vitanio Daniele,
Pietro Di Gennaro,
Domenico Lofù,
Pietro Tedeschi
Abstract:
Water pollution is a critical issue that can affects humans' health and the entire ecosystem thus inducing economical and social concerns. In this paper, we focus on an Internet of Things water quality prediction system, namely WaterS, that can remotely communicate the gathered measurements leveraging Low-Power Wide Area Network technologies. The solution addresses the water pollution problem whil…
▽ More
Water pollution is a critical issue that can affects humans' health and the entire ecosystem thus inducing economical and social concerns. In this paper, we focus on an Internet of Things water quality prediction system, namely WaterS, that can remotely communicate the gathered measurements leveraging Low-Power Wide Area Network technologies. The solution addresses the water pollution problem while taking into account the peculiar Internet of Things constraints such as energy efficiency and autonomy as the platform is equipped with a photovoltaic cell. At the base of our solution, there is a Long Short-Term Memory recurrent neural network used for time series prediction. It results as an efficient solution to predict water quality parameters such as pH, conductivity, oxygen, and temperature. The water quality parameters measurements involved in this work are referred to the Tiziano Project dataset in a reference time period spanning from 2007 to 2012. The LSTM applied to predict the water quality parameters achieves high accuracy and a low Mean Absolute Error of 0.20, a Mean Square Error of 0.092, and finally a Cosine Proximity of 0.94. The obtained results were widely analyzed in terms of protocol suitability and network scalability of the current architecture towards large-scale deployments. From a networking perspective, with an increasing number of Sigfox-enabling end-devices, the Packet Error Rate increases as well up to 4% with the largest envisioned deployment. Finally, the source code of WaterS ecosystem has been released as open-source, to encourage and promote research activities from both Industry and Academia.
△ Less
Submitted 27 July, 2020;
originally announced July 2020.
-
IoTrace: A Flexible, Efficient, and Privacy-Preserving IoT-enabled Architecture for Contact Tracing
Authors:
Pietro Tedeschi,
Spiridon Bakiras,
Roberto Di Pietro
Abstract:
Contact tracing promises to help fight the spread of Covid-19 via an early detection of possible contagion events. To this end, most existing solutions share the following architecture: smartphones continuously broadcast random beacons that are intercepted by nearby devices and stored into their local contact logs. In this paper, we propose an IoT-enabled architecture for contact tracing that rela…
▽ More
Contact tracing promises to help fight the spread of Covid-19 via an early detection of possible contagion events. To this end, most existing solutions share the following architecture: smartphones continuously broadcast random beacons that are intercepted by nearby devices and stored into their local contact logs. In this paper, we propose an IoT-enabled architecture for contact tracing that relaxes the smartphone-centric assumption, and provide a solution that enjoys the following features: (i) it reduces the overhead on the end-user to the bare minimum -- the mobile device only broadcasts its beacons; (ii) it provides the user with a degree of privacy not achieved by competing solutions -- even in the most privacy adverse scenario, the solution provides k-anonymity; and, (iii) it is flexible: the same architecture can be configured to support several models -- ranging from the fully decentralized to the fully centralized ones -- and the system parameters can be tuned to support the tracing of several social interaction models. We also highlight open issues and discuss a number of future research directions.
△ Less
Submitted 2 January, 2021; v1 submitted 23 July, 2020;
originally announced July 2020.
-
Security in Energy Harvesting Networks: A Survey of Current Solutions and Research Challenges
Authors:
Pietro Tedeschi,
Savio Sciancalepore,
Roberto Di Pietro
Abstract:
The recent advancements in hardware miniaturization capabilities have boosted the diffusion of systems based on Energy Harvesting (EH) technologies, as a means to power embedded wireless devices in a sustainable and low-cost fashion. Despite the undeniable management advantages, the intermittent availability of the energy source and the limited power supply has led to challenging system trade-offs…
▽ More
The recent advancements in hardware miniaturization capabilities have boosted the diffusion of systems based on Energy Harvesting (EH) technologies, as a means to power embedded wireless devices in a sustainable and low-cost fashion. Despite the undeniable management advantages, the intermittent availability of the energy source and the limited power supply has led to challenging system trade-offs, resulting in an increased attack surface and a general relaxation of the available security services.
In this paper, we survey the security issues, applications, techniques, and challenges arising in wireless networks powered via EH technologies. We explore the vulnerabilities of EH networks, and we provide a comprehensive overview of the scientific literature, including attack vectors, cryptography techniques, physical-layer security schemes for data secrecy, and additional physical-layer countermeasures. For each of the identified macro-areas, we compare the scientific contributions across a range of shared features, indicating the pros and cons of the described techniques, the research challenges, and a few future directions. Finally, we also provide an overview of the emerging topics in the area, such as Non-Orthogonal Multiple Access (NOMA) and Rate-Splitting Multiple Access (RSMA) schemes, and Intelligent Reconfigurable Surfaces, that could trigger the interest of industry and academia and unleash the full potential of pervasive EH wireless networks.
△ Less
Submitted 19 August, 2020; v1 submitted 22 April, 2020;
originally announced April 2020.
-
Vessels Cybersecurity: Issues, Challenges, and the Road Ahead
Authors:
Maurantonio Caprolu,
Roberto Di Pietro,
Simone Raponi,
Savio Sciancalepore,
Pietro Tedeschi
Abstract:
Vessels cybersecurity is recently gaining momentum, as a result of a few recent attacks to vessels at sea. These recent attacks have shacked the maritime domain, which was thought to be relatively immune to cyber threats. The cited belief is now over, as proved by recent mandates issued by the International Maritime Organization (IMO). According to these regulations, all vessels should be the subj…
▽ More
Vessels cybersecurity is recently gaining momentum, as a result of a few recent attacks to vessels at sea. These recent attacks have shacked the maritime domain, which was thought to be relatively immune to cyber threats. The cited belief is now over, as proved by recent mandates issued by the International Maritime Organization (IMO). According to these regulations, all vessels should be the subject of a cybersecurity risk analysis, and technical controls should be adopted to mitigate the resulting risks. This initiative is laudable since, despite the recent incidents, the vulnerabilities and threats affecting modern vessels are still unclear to operating entities, leaving the potential for dreadful consequences of further attacks just a matter of "when", not "if". In this contribution, we investigate and systematize the major security weaknesses affecting systems and communication technologies adopted in modern vessels. Specifically, we describe the architecture and main features of the different systems, pointing out their main security issues, and specifying how they were exploited by attackers to cause service disruption and relevant financial losses. We also identify a few countermeasures to the introduced attacks. Finally, we highlight a few research challenges to be addressed by industry and academia to strengthen vessels security.
△ Less
Submitted 4 March, 2020;
originally announced March 2020.