Search

Your search keyword '"Brighente, Alessandro"' showing total 146 results
Start Over Author "Brighente, Alessandro"

Refine your results

more »

more »

more »
146 results on '"Brighente, Alessandro"'

1. Securing Legacy Communication Networks via Authenticated Cyclic Redundancy Integrity Check

Author

Lotto, Alessandro, Brighente, Alessandro, and Conti, Mauro

Subjects
Computer Science - Cryptography and Security
Abstract

Integrating modern communication technologies into legacy systems, such as Industrial Control Systems and in-vehicle networks, invalidates the assumptions of isolated and trusted operating environments. Security incidents like the 2015 Ukraine power grid attack and the 2021 compromise of a U.S. water treatment facility demonstrate how increased interconnectivity, paired with insufficient security measures, expose these critical systems to cyber threats, posing risks to national and public safety. These attacks were favored by the lack of proper message authentication, highlighting its importance as a primary countermeasure to enhance system security. Solutions proposed in the literature remain largely unadopted in practice due to challenges such as preserving backward compatibility, additional hardware requirements, and limited computational resources on legacy devices. Moreover, many solutions are protocol-specific, necessitating complex and costly multiple implementations in heterogeneous systems. In this paper, we propose Authenticated Cyclic Redundancy Integrity Check (ACRIC), a novel security mechanism that overcomes these limitations by leveraging a cryptographic computation of the existing Cyclyic Redundancy Check (CRC) field to ensure message integrity protection and authentication. ACRIC preserves backward compatibility without requiring additional hardware and is protocol agnostic. This makes it applicable across various systems, suitable for diverse legacy network protocols including point-to-point and broadcast communications. Experimental results, supported by formal verification and real-world testing, demonstrate that ACRIC offers robust security with minimal transmission overhead (<< 1 ms). This proves ACRIC's practicality, cost-effectiveness, and suitability for real-world adoption.

Published
2024

2. The Impact of SBOM Generators on Vulnerability Assessment in Python: A Comparison and a Novel Approach

Author

Benedetti, Giacomo, Cofano, Serena, Brighente, Alessandro, and Conti, Mauro

Subjects
Computer Science - Cryptography and Security
Abstract

The Software Supply Chain (SSC) security is a critical concern for both users and developers. Recent incidents, like the SolarWinds Orion compromise, proved the widespread impact resulting from the distribution of compromised software. The reliance on open-source components, which constitute a significant portion of modern software, further exacerbates this risk. To enhance SSC security, the Software Bill of Materials (SBOM) has been promoted as a tool to increase transparency and verifiability in software composition. However, despite its promise, SBOMs are not without limitations. Current SBOM generation tools often suffer from inaccuracies in identifying components and dependencies, leading to the creation of erroneous or incomplete representations of the SSC. Despite existing studies exposing these limitations, their impact on the vulnerability detection capabilities of security tools is still unknown. In this paper, we perform the first security analysis on the vulnerability detection capabilities of tools receiving SBOMs as input. We comprehensively evaluate SBOM generation tools by providing their outputs to vulnerability identification software. Based on our results, we identify the root causes of these tools' ineffectiveness and propose PIP-sbom, a novel pip-inspired solution that addresses their shortcomings. PIP-sbom provides improved accuracy in component identification and dependency resolution. Compared to best-performing state-of-the-art tools, PIP-sbom increases the average precision and recall by 60%, and reduces by ten times the number of false positives.

Published
2024

3. Obfuscated Location Disclosure for Remote ID Enabled Drones

Author

Brighente, Alessandro, Conti, Mauro, Schotsman, Matthijs, and Sciancalepore, Savio

Subjects
Computer Science - Cryptography and Security
Abstract

The Remote ID (RID) regulation recently introduced by several aviation authorities worldwide (including the US and EU) forces commercial drones to regularly (max. every second) broadcast plaintext messages on the wireless channel, providing information about the drone identifier and current location, among others. Although these regulations increase the accountability of drone operations and improve traffic management, they allow malicious users to track drones via the disclosed information, possibly leading to drone capture and severe privacy leaks. In this paper, we propose Obfuscated Location disclOsure for RID-enabled drones (OLO-RID), a solution modifying and extending the RID regulation while preserving drones' location privacy. Rather than disclosing the actual drone's location, drones equipped with OLO-RID disclose a differentially private obfuscated location in a mobile scenario. OLO-RID also extends RID messages with encrypted location information, accessible only by authorized entities and valuable to obtain the current drone's location in safety-critical use cases. We design, implement, and deploy OLO-RID on a Raspberry Pi 3 and release the code of our implementation as open-source. We also perform an extensive performance assessment of the runtime overhead of our solution in terms of processing, communication, memory, and energy consumption. We show that OLO-RID can generate RID messages on a constrained device in less than 0.16 s while also requiring a minimal energy toll on a relevant device (0.0236% of energy for a DJI Mini 2). We also evaluate the utility of the proposed approach in the context of three reference use cases involving the drones' location usage, demonstrating minimal performance degradation when trading off location privacy and utility for next-generation RID-compliant drone ecosystems., Comment: 18 pages, 8 figures. Submitted and under review for journal publication

Published
2024

4. Your Car Tells Me Where You Drove: A Novel Path Inference Attack via CAN Bus and OBD-II Data

Author

Bianchi, Tommaso, Brighente, Alessandro, Conti, Mauro, and Valori, Andrea

Subjects
Computer Science - Cryptography and Security
Abstract

Despite its well-known security issues, the Controller Area Network (CAN) is still the main technology for in-vehicle communications. Attackers posing as diagnostic services or accessing the CAN bus can threaten the drivers' location privacy to know the exact location at a certain point in time or to infer the visited areas. This represents a serious threat to users' privacy, but also an advantage for police investigations to gather location-based evidence. In this paper, we present On Path Diagnostic - Intrusion \& Inference (OPD-II), a novel path inference attack leveraging a physical car model and a map matching algorithm to infer the path driven by a car based on CAN bus data. Differently from available attacks, our approach only requires the attacker to know the initial location and heading of the victim's car and is not limited by the availability of training data, road configurations, or the need to access other victim's devices (e.g., smartphones). We implement our attack on a set of four different cars and a total number of 41 tracks in different road and traffic scenarios. We achieve an average of 95% accuracy on reconstructing the coordinates of the recorded path by leveraging a dynamic map-matching algorithm that outperforms the 75% and 89% accuracy values of other proposals while removing their set of assumptions.

Published
2024

5. GAN-GRID: A Novel Generative Attack on Smart Grid Stability Prediction

Author

Efatinasab, Emad, Brighente, Alessandro, Rampazzo, Mirco, Azadi, Nahal, and Conti, Mauro

Subjects
Computer Science - Cryptography and Security, Electrical Engineering and Systems Science - Signal Processing
Abstract

The smart grid represents a pivotal innovation in modernizing the electricity sector, offering an intelligent, digitalized energy network capable of optimizing energy delivery from source to consumer. It hence represents the backbone of the energy sector of a nation. Due to its central role, the availability of the smart grid is paramount and is hence necessary to have in-depth control of its operations and safety. To this aim, researchers developed multiple solutions to assess the smart grid's stability and guarantee that it operates in a safe state. Artificial intelligence and Machine learning algorithms have proven to be effective measures to accurately predict the smart grid's stability. Despite the presence of known adversarial attacks and potential solutions, currently, there exists no standardized measure to protect smart grids against this threat, leaving them open to new adversarial attacks. In this paper, we propose GAN-GRID a novel adversarial attack targeting the stability prediction system of a smart grid tailored to real-world constraints. Our findings reveal that an adversary armed solely with the stability model's output, devoid of data or model knowledge, can craft data classified as stable with an Attack Success Rate (ASR) of 0.99. Also by manipulating authentic data and sensor values, the attacker can amplify grid issues, potentially undetected due to a compromised stability prediction system. These results underscore the imperative of fortifying smart grid security mechanisms against adversarial manipulation to uphold system stability and reliability.

Published
2024
Full Text
View/download PDF

6. Reduce to the MACs -- Privacy Friendly Generic Probe Requests

Author

McDougall, Johanna Ansohn, Brighente, Alessandro, Kunstmann, Anne, Zapatka, Niklas, and Federrath, Hannes

Subjects
Computer Science - Cryptography and Security, Computer Science - Networking and Internet Architecture
Abstract

Abstract. Since the introduction of active discovery in Wi-Fi networks, users can be tracked via their probe requests. Although manufacturers typically try to conceal Media Access Control (MAC) addresses using MAC address randomisation, probe requests still contain Information Elements (IEs) that facilitate device identification. This paper introduces generic probe requests: By removing all unnecessary information from IEs, the requests become indistinguishable from one another, letting single devices disappear in the largest possible anonymity set. Conducting a comprehensive evaluation, we demonstrate that a large IE set contained within undirected probe requests does not necessarily imply fast connection establishment. Furthermore, we show that minimising IEs to nothing but Supported Rates would enable 82.55% of the devices to share the same anonymity set. Our contributions provide a significant advancement in the pursuit of robust privacy solutions for wireless networks, paving the way for more user anonymity and less surveillance in wireless communication ecosystems.

Published
2024

7. Work-in-Progress: Crash Course: Can (Under Attack) Autonomous Driving Beat Human Drivers?

Author

Marchiori, Francesco, Brighente, Alessandro, and Conti, Mauro

Subjects
Computer Science - Cryptography and Security
Abstract

Autonomous driving is a research direction that has gained enormous traction in the last few years thanks to advancements in Artificial Intelligence (AI). Depending on the level of independence from the human driver, several studies show that Autonomous Vehicles (AVs) can reduce the number of on-road crashes and decrease overall fuel emissions by improving efficiency. However, security research on this topic is mixed and presents some gaps. On one hand, these studies often neglect the intrinsic vulnerabilities of AI algorithms, which are known to compromise the security of these systems. On the other, the most prevalent attacks towards AI rely on unrealistic assumptions, such as access to the model parameters or the training dataset. As such, it is unclear if autonomous driving can still claim several advantages over human driving in real-world applications. This paper evaluates the inherent risks in autonomous driving by examining the current landscape of AVs and establishing a pragmatic threat model. Through our analysis, we develop specific claims highlighting the delicate balance between the advantages of AVs and potential security challenges in real-world scenarios. Our evaluation serves as a foundation for providing essential takeaway messages, guiding both researchers and practitioners at various stages of the automation pipeline. In doing so, we contribute valuable insights to advance the discourse on the security and viability of autonomous driving in real-world applications., Comment: Accepted at ACSW 2024

Published
2024

8. Securing the Open RAN Infrastructure: Exploring Vulnerabilities in Kubernetes Deployments

Author

Klement, Felix, Brighente, Alessandro, Polese, Michele, Conti, Mauro, and Katzenbeisser, Stefan

Subjects
Computer Science - Cryptography and Security
Abstract

In this paper, we investigate the security implications of virtualized and software-based Open Radio Access Network (RAN) systems, specifically focusing on the architecture proposed by the O-RAN ALLIANCE and O-Cloud deployments based on the O-RAN Software Community (OSC) stack and infrastructure. Our key findings are based on a thorough security assessment and static scanning of the OSC Near Real-Time RAN Intelligent Controller (RIC) cluster. We highlight the presence of potential vulnerabilities and misconfigurations in the Kubernetes infrastructure supporting the RIC, also due to the usage of outdated versions of software packages, and provide an estimation of their criticality using various deployment auditing frameworks (e.g., MITRE ATT&CK and the NSA CISA). In addition, we propose methodologies to minimize these issues and harden the Open RAN virtualization infrastructure. These encompass the integration of security evaluation methods into the deployment process, implementing deployment hardening measures, and employing policy-based control for RAN components. We emphasize the need to address the problems found in order to improve the overall security of virtualized Open RAN systems.

Published
2024

9. FaultGuard: A Generative Approach to Resilient Fault Prediction in Smart Electrical Grids

Author

Efatinasab, Emad, Marchiori, Francesco, Brighente, Alessandro, Rampazzo, Mirco, and Conti, Mauro

Subjects
Computer Science - Cryptography and Security, Electrical Engineering and Systems Science - Signal Processing
Abstract

Predicting and classifying faults in electricity networks is crucial for uninterrupted provision and keeping maintenance costs at a minimum. Thanks to the advancements in the field provided by the smart grid, several data-driven approaches have been proposed in the literature to tackle fault prediction tasks. Implementing these systems brought several improvements, such as optimal energy consumption and quick restoration. Thus, they have become an essential component of the smart grid. However, the robustness and security of these systems against adversarial attacks have not yet been extensively investigated. These attacks can impair the whole grid and cause additional damage to the infrastructure, deceiving fault detection systems and disrupting restoration. In this paper, we present FaultGuard, the first framework for fault type and zone classification resilient to adversarial attacks. To ensure the security of our system, we employ an Anomaly Detection System (ADS) leveraging a novel Generative Adversarial Network training layer to identify attacks. Furthermore, we propose a low-complexity fault prediction model and an online adversarial training technique to enhance robustness. We comprehensively evaluate the framework's performance against various adversarial attacks using the IEEE13-AdvAttack dataset, which constitutes the state-of-the-art for resilient fault prediction benchmarking. Our model outclasses the state-of-the-art even without considering adversaries, with an accuracy of up to 0.958. Furthermore, our ADS shows attack detection capabilities with an accuracy of up to 1.000. Finally, we demonstrate how our novel training layers drastically increase performances across the whole framework, with a mean increase of 154% in ADS accuracy and 118% in model accuracy.

Published
2024
Full Text
View/download PDF

10. Penetration Testing of 5G Core Network Web Technologies

Author

Giambartolomei, Filippo, Barceló, Marc, Brighente, Alessandro, Urbieta, Aitor, and Conti, Mauro

Subjects
Computer Science - Cryptography and Security
Abstract

Thanks to technologies such as virtual network function the Fifth Generation (5G) of mobile networks dynamically allocate resources to different types of users in an on-demand fashion. Virtualization extends up to the 5G core, where software-defined networks and network slicing implement a customizable environment. These technologies can be controlled via application programming interfaces and web technologies, inheriting hence their security risks and settings. An attacker exploiting vulnerable implementations of the 5G core may gain privileged control of the network assets and disrupt its availability. However, there is currently no security assessment of the web security of the 5G core network. In this paper, we present the first security assessment of the 5G core from a web security perspective. We use the STRIDE threat modeling approach to define a complete list of possible threat vectors and associated attacks. Thanks to a suite of security testing tools, we cover all of these threats and test the security of the 5G core. In particular, we test the three most relevant open-source 5G core implementations, i.e., Open5GS, Free5Gc, and OpenAirInterface. Our analysis shows that all these cores are vulnerable to at least two of our identified attack vectors, demanding increased security measures in the development of future 5G core networks.

Published
2024

11. A Survey and Comparative Analysis of Security Properties of CAN Authentication Protocols

Author

Lotto, Alessandro, Marchiori, Francesco, Brighente, Alessandro, and Conti, Mauro

Subjects
Computer Science - Cryptography and Security
Abstract

The large number of Electronic Control Units (ECUs) mounted on modern cars and their expansive communication capabilities create a substantial attack surface for potential exploitation. Despite the evolution of automotive technology, the continued use of the originally insecure Controller Area Network (CAN) bus leaves in-vehicle communications inherently non-secure. In response to the absence of standardized authentication protocols within the automotive domain, researchers propose diverse solutions, each with unique strengths and vulnerabilities. However, the continuous influx of new protocols and potential oversights in meeting security requirements and essential operational features further complicate the implementability of these protocols. This paper comprehensively reviews and compares the 15 most prominent authentication protocols for the CAN bus. Our analysis emphasizes their strengths and weaknesses, evaluating their alignment with critical security requirements for automotive authentication. Additionally, we evaluate protocols based on essential operational criteria that contribute to ease of implementation in predefined infrastructures, enhancing overall reliability and reducing the probability of successful attacks. Our study reveals a prevalent focus on defending against external attackers in existing protocols, exposing vulnerabilities to internal threats. Notably, authentication protocols employing hash chains, Mixed Message Authentication Codes, and asymmetric encryption techniques emerge as the most effective approaches. Through our comparative study, we classify the considered protocols based on their security attributes and suitability for implementation, providing valuable insights for future developments in the field., Comment: This work has been submitted to the IEEE for possible publication

Published
2024

12. DynamiQS: Quantum Secure Authentication for Dynamic Charging of Electric Vehicles

Author

Bianchi, Tommaso, Brighente, Alessandro, and Conti, Mauro

Subjects
Computer Science - Cryptography and Security
Abstract

Dynamic Wireless Power Transfer (DWPT) is a novel technology that allows charging an electric vehicle while driving thanks to a dedicated road infrastructure. DWPT's capabilities in automatically establishing charging sessions and billing without users' intervention make it prone to cybersecurity attacks. Hence, security is essential in preventing fraud, impersonation, and user tracking. To this aim, researchers proposed different solutions for authenticating users. However, recent advancements in quantum computing jeopardize classical public key cryptography, making currently existing solutions in DWPT authentication nonviable. To avoid the resource burden imposed by technology upgrades, it is essential to develop post-quantum-resistant solutions. In this paper, we propose DynamiQS, the first post-quantum secure authentication protocol for dynamic wireless charging. DynamiQS is privacy-preserving and secure against attacks on the DWPT. We leverage an Identity-Based Encryption with Lattices in the Ring Learning With Error framework. Furthermore, we show the possibility of using DynamiQS in a real environment, leveraging the results of cryptographic computation on real constrained devices and simulations. DynamiQS reaches a total time cost of around 281 ms, which is practicable in dynamic charging settings (car and charging infrastructure).

Published
2023

13. LoVe is in the Air -- Location Verification of ADS-B Signals using Distributed Public Sensors

Author

McDougall, Johanna Ansohn, Brighente, Alessandro, Großmann, Willi, McDougall, Ben Ansohn, Stock, Joshua, and Federrath, Hannes

Subjects
Computer Science - Cryptography and Security
Abstract

The Automatic Dependant Surveillance-Broadcast (ADS-B) message scheme was designed without any authentication or encryption of messages in place. It is therefore easily possible to attack it, e.g., by injecting spoofed messages or modifying the transmitted Global Navigation Satellite System (GNSS) coordinates. In order to verify the integrity of the received information, various methods have been suggested, such as multilateration, the use of Kalman filters, group certification, and many others. However, solutions based on modifications of the standard may be difficult and too slow to be implemented due to legal and regulatory issues. A vantage far less explored is the location verification using public sensor data. In this paper, we propose LoVe, a lightweight message verification approach that uses a geospatial indexing scheme to evaluate the trustworthiness of publicly deployed sensors and the ADS-B messages they receive. With LoVe, new messages can be evaluated with respect to the plausibility of their reported coordinates in a location privacy-preserving manner, while using a data-driven and lightweight approach. By testing our approach on two open datasets, we show that LoVe achieves very low false positive rates (between 0 and 0.00106) and very low false negative rates (between 0.00065 and 0.00334) while providing a real-time compatible approach that scales well even with a large sensor set. Compared to currently existing approaches, LoVe neither requires a large number of sensors, nor for messages to be recorded by as many sensors as possible simultaneously in order to verify location claims. Furthermore, it can be directly applied to currently deployed systems thus being backward compatible.

Published
2023

14. EPUF: A Novel Scheme Based on Entropy Features of Latency-based DRAM PUFs Providing Lightweight Authentication in IoT Networks

Author

Najafi, Fatemeh, Kaveh, Masoud, Mosavi, Mohammad Reza, Brighente, Alessandro, and Conti, Mauro

Subjects
Computer Science - Cryptography and Security
Abstract

Physical unclonable functions (PUFs) are hardware-oriented primitives that exploit manufacturing variations to generate a unique identity for a physical system. Recent advancements showed how DRAM can be exploited to implement PUFs. DRAM PUFs require no additional circuits for PUF operations and can be used in most of the applications with resource-constrained nodes such as Internet of Things (IoT) networks. However, the existing DRAM PUF solutions either require to interrupt other functions in the host system, or provide unreliable responses due to their sensitiveness to the environmental conditions. In this paper, we propose EPUF, a novel strategy to extract random and unique features from DRAM cells to generate reliable PUF responses. In particular, we use the bitmap images of the binary DRAM values and their entropy features. We show via real device experiments that EPUF is approximately $1.7$ times faster than other state of the art solutions, achieves $100\%$ reliability, generates features with $47.79\%$ uniqueness, and supports a large set of CRP that leads to new potentials for DRAM PUF-based authentication. We also propose a lightweight authentication protocol based on EPUF, which not only provides far better security guarantees but also outperforms the state-of-the-art in terms of communication overhead and computational cost.

Published
2023

15. When Authentication Is Not Enough: On the Security of Behavioral-Based Driver Authentication Systems

Author

Efatinasab, Emad, Marchiori, Francesco, Donadel, Denis, Brighente, Alessandro, and Conti, Mauro

Subjects
Computer Science - Cryptography and Security
Abstract

Many research papers have recently focused on behavioral-based driver authentication systems in vehicles. Pushed by Artificial Intelligence (AI) advancements, these works propose powerful models to identify drivers through their unique biometric behavior. However, these models have never been scrutinized from a security point of view, rather focusing on the performance of the AI algorithms. Several limitations and oversights make implementing the state-of-the-art impractical, such as their secure connection to the vehicle's network and the management of security alerts. Furthermore, due to the extensive use of AI, these systems may be vulnerable to adversarial attacks. However, there is currently no discussion on the feasibility and impact of such attacks in this scenario. Driven by the significant gap between research and practical application, this paper seeks to connect these two domains. We propose the first security-aware system model for behavioral-based driver authentication. We develop two lightweight driver authentication systems based on Random Forest and Recurrent Neural Network architectures designed for our constrained environments. We formalize a realistic system and threat model reflecting a real-world vehicle's network for their implementation. When evaluated on real driving data, our models outclass the state-of-the-art with an accuracy of up to 0.999 in identification and authentication. Moreover, we are the first to propose attacks against these systems by developing two novel evasion attacks, SMARTCAN and GANCAN. We show how attackers can still exploit these systems with a perfect attack success rate (up to 1.000). Finally, we discuss requirements for deploying driver authentication systems securely. Through our contributions, we aid practitioners in safely adopting these systems, help reduce car thefts, and enhance driver security.

Published
2023

16. Beware of Pickpockets: A Practical Attack against Blocking Cards

Author

Alecci, Marco, Attanasio, Luca, Brighente, Alessandro, Conti, Mauro, Losiouk, Eleonora, Ochiai, Hideki, and Turrin, Federico

Subjects
Computer Science - Cryptography and Security
Abstract

Today, we rely on contactless smart cards to perform several critical operations (e.g., payments and accessing buildings). Attacking smart cards can have severe consequences, such as losing money or leaking sensitive information. Although the security protections embedded in smart cards have evolved over the years, those with weak security properties are still commonly used. Among the different solutions, blocking cards are affordable devices to protect smart cards. These devices are placed close to the smart cards, generating a noisy jamming signal or shielding them. Whereas vendors claim the reliability of their blocking cards, no previous study has ever focused on evaluating their effectiveness. In this paper, we shed light on the security threats on smart cards in the presence of blocking cards, showing the possibility of being bypassed by an attacker. We analyze blocking cards by inspecting their emitted signal and assessing a vulnerability in their internal design. We propose a novel attack that bypasses the jamming signal emitted by a blocking card and reads the content of the smart card. We evaluate the effectiveness of 11 blocking cards when protecting a MIFARE Ultralight smart card and a MIFARE Classic card. Of these 11 cards, we managed to bypass 8 of them and successfully dump the content of a smart card despite the presence of the blocking card. Our findings highlight that the noise type implemented by the blocking cards highly affects the protection level achieved by them. Based on this observation, we propose a countermeasure that may lead to the design of effective blocking cards. To further improve security, we released the tool we developed to inspect the spectrum emitted by blocking cards and set up our attack.

Published
2023
Full Text
View/download PDF

17. Electric Vehicles Security and Privacy: Challenges, Solutions, and Future Needs

Author

Brighente, Alessandro, Conti, Mauro, Donadel, Denis, Poovendran, Radha, Turrin, Federico, and Zhou, Jianying

Subjects
Computer Science - Cryptography and Security
Abstract

Electric Vehicles (EVs) share common technologies with classical fossil-fueled cars, but they also employ novel technologies and components (e.g., Charging System and Battery Management System) that create an unexplored attack surface for malicious users. Although multiple contributions in the literature explored cybersecurity aspects of particular components of the EV ecosystem (e.g., charging infrastructure), there is still no contribution to the holistic cybersecurity of EVs and their related technologies from a cyber-physical system perspective. In this paper, we provide the first in-depth study of the security and privacy threats associated with the EVs ecosystem. We analyze the threats associated with both the EV and the different charging solutions. Focusing on the Cyber-Physical Systems (CPS) paradigm, we provide a detailed analysis of all the processes that an attacker might exploit to affect the security and privacy of both drivers and the infrastructure. To address the highlighted threats, we present possible solutions that might be implemented. We also provide an overview of possible future directions to guarantee the security and privacy of the EVs ecosystem. Based on our analysis, we stress the need for EV-specific cybersecurity solutions.

Published
2023

18. One Class to Test Them All: One-Class Classifier-Based ADS-B Location Spoofing Detection

Author

Brighente, Alessandro, Conti, Mauro, Salaeva, Sitora, Turrin, Federico, Goos, Gerhard, Series Editor, Hartmanis, Juris, Founding Editor, van Leeuwen, Jan, Series Editor, Hutchison, David, Editorial Board Member, Kanade, Takeo, Editorial Board Member, Kittler, Josef, Editorial Board Member, Kleinberg, Jon M., Editorial Board Member, Kobsa, Alfred, Series Editor, Mattern, Friedemann, Editorial Board Member, Mitchell, John C., Editorial Board Member, Naor, Moni, Editorial Board Member, Nierstrasz, Oscar, Series Editor, Pandu Rangan, C., Editorial Board Member, Sudan, Madhu, Series Editor, Terzopoulos, Demetri, Editorial Board Member, Tygar, Doug, Editorial Board Member, Weikum, Gerhard, Series Editor, Vardi, Moshe Y, Series Editor, Bertino, Elisa, Editorial Board Member, Gao, Wen, Editorial Board Member, Steffen, Bernhard, Editorial Board Member, Yung, Moti, Editorial Board Member, Woeginger, Gerhard, Editorial Board Member, and Andreoni, Martin, editor

Published
2024
Full Text
View/download PDF

19. Hyperloop: A Cybersecurity Perspective

Author

Brighente, Alessandro, Conti, Mauro, Donadel, Denis, and Turrin, Federico

Subjects
Computer Science - Cryptography and Security
Abstract

Hyperloop is among the most prominent future transportation systems. It involves novel technologies to allow traveling at a maximum speed of 1220km/h while guaranteeing sustainability. Due to the system's performance requirements and the critical infrastructure it represents, its safety and security must be carefully considered. In transportation systems, cyberattacks could lead to safety issues with catastrophic consequences for the population and the surrounding environment. To this day, no research investigated the cybersecurity issues of the Hyperloop technology. In this paper, we provide the first analysis of the cybersecurity challenges of the interconnections between the different components of the Hyperloop ecosystem. We base our analysis on the currently available Hyperloop implementations, distilling those features that will likely be present in its final design. Moreover, we investigate possible infrastructure management approaches and their security concerns. Finally, we discuss countermeasures and future directions for the security of the Hyperloop design., Comment: 9 pages, 4 figures, 1 table

Published
2022

20. Identity-Based Authentication for On-Demand Charging of Electric Vehicles

Author

Asokraj, Surudhi, Bianchi, Tommaso, Brighente, Alessandro, Conti, Mauro, and Poovendran, Radha

Subjects
Computer Science - Cryptography and Security
Abstract

Dynamic wireless power transfer provides means for charging Electric Vehicles (EVs) while driving, avoiding stopping for charging and hence fostering their widespread adoption. Researchers devoted much effort over the last decade to provide a reliable infrastructure for potential users to improve comfort and time management. Due to the severe security and performance system requirements, the different scheme proposed in last years lack of a unified protocol involving the modern architecture model with merged authentication and billing processes. Furthermore, they require the continuous interaction of the trusted entity during the process, increasing the delay for the communication and reducing security due to the large number of message exchanges. In this paper, we propose a secure, computationally lightweight, unified protocol for fast authentication and billing that provides on-demand dynamic charging to comprehensively deal with all the computational and security constraints. The protocol employs an ID-based public encryption scheme to manage mutual authentication and pseudonyms to preserve the user's identity across multiple charging processes. Compared to state-of-the-art authentication protocols, our proposal overcomes the problem of overwhelming interactions and provides public scheme security against the use of simple operations in wide open communications without impacting on performance., Comment: 13 pages

Published
2022

21. Hide and Seek -- Preserving Location Privacy and Utility in the Remote Identification of Unmanned Aerial Vehicles

Author

Brighente, Alessandro, Conti, Mauro, and Sciancalepore, Savio

Subjects
Computer Science - Cryptography and Security
Abstract

Due to the frequent unauthorized access by commercial drones to Critical Infrastructures (CIs) such as airports and oil refineries, the US-based Federal Avionics Administration (FAA) recently published a new specification, namely RemoteID. The aforementioned rule mandates that all Unmanned Aerial Vehicles (UAVs) have to broadcast information about their identity and location wirelessly to allow for immediate invasion attribution. However, the enforcement of such a rule poses severe concerns on UAV operators, especially in terms of location privacy and tracking threats, to name a few. Indeed, by simply eavesdropping on the wireless channel, an adversary could know the precise location of the UAV and track it, as well as obtaining sensitive information on path source and destination of the UAV. In this paper, we investigate the trade-off between location privacy and data utility that can be provided to UAVs when obfuscating the broadcasted location through differential privacy techniques. Leveraging the concept of Geo-Indistinguishability (Geo-Ind), already adopted in the context of Location-Based Services (LBS), we show that it is possible to enhance the privacy of the UAVs without preventing CI operators to timely detect unauthorized invasions. In particular, our experiments showed that when the location of an UAV is obfuscated with an average distance of 1.959 km, a carefully designed UAV detection system can detect 97.9% of invasions, with an average detection delay of 303.97 msec. The UAVs have to trade-off such enhanced location privacy with a non-negligible probability of false positives, i.e., being detected as invading while not really invading the no-fly zone. UAVs and CI operators can solve such ambiguous situations later on through the help of the FAA, being this latter the only one that can unveil the actual location of the UAV.

Published
2022

22. QEVSEC: Quick Electric Vehicle SEcure Charging via Dynamic Wireless Power Transfer

Author

Bianchi, Tommaso, Asokraj, Surudhi, Brighente, Alessandro, Conti, Mauro, and Poovendran, Radha

Subjects
Computer Science - Cryptography and Security
Abstract

Dynamic Wireless Power Transfer (DWPT) can be used for on-demand recharging of Electric Vehicles (EV) while driving. However, DWPT raises numerous security and privacy concerns. Recently, researchers demonstrated that DWPT systems are vulnerable to adversarial attacks. In an EV charging scenario, an attacker can prevent the authorized customer from charging, obtain a free charge by billing a victim user and track a target vehicle. State-of-the-art authentication schemes relying on centralized solutions are either vulnerable to various attacks or have high computational complexity, making them unsuitable for a dynamic scenario. In this paper, we propose Quick Electric Vehicle SEcure Charging (QEVSEC), a novel, secure, and efficient authentication protocol for the dynamic charging of EVs. Our idea for QEVSEC originates from multiple vulnerabilities we found in the state-of-the-art protocol that allows tracking of user activity and is susceptible to replay attacks. Based on these observations, the proposed protocol solves these issues and achieves lower computational complexity by using only primitive cryptographic operations in a very short message exchange. QEVSEC provides scalability and a reduced cost in each iteration, thus lowering the impact on the power needed from the grid., Comment: 6 pages, conference

Published
2022
Full Text
View/download PDF

23. VLC Physical Layer Security through RIS-aided Jamming Receiver for 6G Wireless Networks

Author

Soderi, Simone, Brighente, Alessandro, Turrin, Federico, and Conti, Mauro

Subjects
Computer Science - Cryptography and Security
Abstract

Visible Light Communication (VLC) is one the most promising enabling technology for future 6G networks to overcome Radio-Frequency (RF)-based communication limitations thanks to a broader bandwidth, higher data rate, and greater efficiency. However, from the security perspective, VLCs suffer from all known wireless communication security threats (e.g., eavesdropping and integrity attacks). For this reason, security researchers are proposing innovative Physical Layer Security (PLS) solutions to protect such communication. Among the different solutions, the novel Reflective Intelligent Surface (RIS) technology coupled with VLCs has been successfully demonstrated in recent work to improve the VLC communication capacity. However, to date, the literature still lacks analysis and solutions to show the PLS capability of RIS-based VLC communication. In this paper, we combine watermarking and jamming primitives through the Watermark Blind Physical Layer Security (WBPLSec) algorithm to secure VLC communication at the physical layer. Our solution leverages RIS technology to improve the security properties of the communication. By using an optimization framework, we can calculate RIS phases to maximize the WBPLSec jamming interference schema over a predefined area in the room. In particular, compared to a scenario without RIS, our solution improves the performance in terms of secrecy capacity without any assumption about the adversary's location. We validate through numerical evaluations the positive impact of RIS-aided solution to increase the secrecy capacity of the legitimate jamming receiver in a VLC indoor scenario. Our results show that the introduction of RIS technology extends the area where secure communication occurs and that by increasing the number of RIS elements the outage probability decreases.

Published
2022
Full Text
View/download PDF

24. FOLPETTI: A Novel Multi-Armed Bandit Smart Attack for Wireless Networks

Author

Bout, Emilie, Brighente, Alessandro, Conti, Mauro, and Loscri, Valeria

Subjects
Computer Science - Cryptography and Security
Abstract

Channel hopping provides a defense mechanism against jamming attacks in large scale \ac{iot} networks.} However, a sufficiently powerful attacker may be able to learn the channel hopping pattern and efficiently predict the channel to jam. In this paper, we present FOLPETTI, a MAB-based attack to dynamically follow the victim's channel selection in real-time. Compared to previous attacks implemented via DRL, FOLPETTI does not require recurrent training phases to capture the victim's behavior, allowing hence a continuous attack. We assess the validity of FOLPETTI by implementing it to launch a jamming attack. We evaluate its performance against a victim performing random channel selection and a victim implementing a MAB defence strategy. We assume that the victim detects an attack when more than $20\%$ of the transmitted packets are not received, therefore this represents the limit for the attack to be stealthy. In this scenario, FOLPETTI achieves a $15\%$ success rate for the victim's random channel selection strategy, close to the $17.5\%$ obtained with a genie-aided approach. Conversely, the DRL-based approach reaches a success rate of $12.5\%$, which is $5.5\%$ less than FOLPETTI. We also confirm the results by confronting FOLPETTI with a MAB based channel hopping method. Finally, we show that FOLPETTI creates an additional energy demand independently from its success rate, therefore decreasing the lifetime of IoT devices.

Published
2022

25. Unmanned Aerial Vehicles Meet Reflective Intelligent Surfaces to Improve Coverage and Secrecy

Author

Brighente, Alessandro, Conti, Mauro, Idriss, Hanan, and Tomasin, Stefano

Subjects
Computer Science - Cryptography and Security, Electrical Engineering and Systems Science - Signal Processing
Abstract

The high configurability and low cost of Reflective Intelligent Surfaces (RISs) made them a promising solution for enhancing the capabilities of Beyond Fifth-Generation (B5G) networks. Recent works proposed to mount RISs on Unmanned Aerial Vehicles (UAVs), combining the high network configurability provided by RIS with the mobility brought by UAVs. However, the RIS represents an additional weight that impacts the battery lifetime of the UAV. Furthermore, the practicality of the resulting link in terms of communication channel quality and security have not been assessed in detail. In this paper, we highlight all the essential features that need to be considered for the practical deployment of RIS-enabled UAVs. We are the first to show how the RIS size and its power consumption impact the UAV flight time. We then assess how the RIS size, carrier frequency, and UAV flying altitude affects the path loss. Lastly, we propose a novel particle swarm-based approach to maximize coverage and improve the confidentiality of transmissions in a cellular scenario with the support of RISs carried by UAVs.

Published
2022

26. Extorsionware: Exploiting Smart Contract Vulnerabilities for Fun and Profit

Author

Brighente, Alessandro, Conti, Mauro, and Kumar, Sathish

Subjects
Computer Science - Cryptography and Security
Abstract

Smart Contracts (SCs) publicly deployed on blockchain have been shown to include multiple vulnerabilities, which can be maliciously exploited by users. In this paper, we present extorsionware, a novel attack exploiting the public nature of vulnerable SCs to gain control over the victim's SC assets. Thanks to the control gained over the SC, the attacker obliges the victim to pay a price to re-gain exclusive control of the SC.

Published
2022

28. EVScout2.0: Electric Vehicle Profiling Through Charging Profile

Author

Brighente, Alessandro, Conti, Mauro, Donadel, Denis, and Turrin, Federico

Subjects
Computer Science - Cryptography and Security
Abstract

EVs (Electric Vehicles) represent a green alternative to traditional fuel-powered vehicles. To enforce their widespread use, both the technical development and the security of users shall be guaranteed. Privacy of users represents one of the possible threats impairing EVs adoption. In particular, recent works showed the feasibility of identifying EVs based on the current exchanged during the charging phase. In fact, while the resource negotiation phase runs over secure communication protocols, the signal exchanged during the actual charging contains features peculiar to each EV. A suitable feature extractor can hence associate such features to each EV, in what is commonly known as profiling. In this paper, we propose EVScout2.0, an extended and improved version of our previously proposed framework to profile EVs based on their charging behavior. By exploiting the current and pilot signals exchanged during the charging phase, our scheme is able to extract features peculiar for each EV, allowing hence for their profiling. We implemented and tested EVScout2.0 over a set of real-world measurements considering over 7500 charging sessions from a total of 137 EVs. In particular, numerical results show the superiority of EVScout2.0 with respect to the previous version. EVScout2.0 can profile EVs, attaining a maximum of 0.88 recall and 0.88 precision. To the best of the authors' knowledge, these results set a new benchmark for upcoming privacy research for large datasets of EVs.

Published
2021

29. Interference Prediction for Low-Complexity Link Adaptation in Beyond 5G Ultra-Reliable Low-Latency Communications

Author

Brighente, Alessandro, Mohammadi, Jafar, Baracca, Paolo, Mandelli, Silvio, and Tomasin, Stefano

Subjects
Computer Science - Emerging Technologies
Abstract

Traditional link adaptation (LA) schemes in cellular network must be revised for networks beyond the fifth generation (b5G), to guarantee the strict latency and reliability requirements advocated by ultra reliable low latency communications (URLLC). In particular, a poor error rate prediction potentially increases retransmissions, which in turn increase latency and reduce reliability. In this paper, we present an interference prediction method to enhance LA for URLLC. To develop our prediction method, we propose a kernel based probability density estimation algorithm, and provide an in depth analysis of its statistical performance. We also provide a low complxity version, suitable for practical scenarios. The proposed scheme is compared with state-of-the-art LA solutions over fully compliant 3rd generation partnership project (3GPP) calibrated channels, showing the validity of our proposal.

Published
2021

30. Threat Sensitive Networking: On the Security of IEEE 802.1CB and (un)Effectiveness of Existing Security Solutions

Author

de Vos, Adriaan, Brighente, Alessandro, Conti, Mauro, Goos, Gerhard, Founding Editor, Hartmanis, Juris, Founding Editor, Bertino, Elisa, Editorial Board Member, Gao, Wen, Editorial Board Member, Steffen, Bernhard, Editorial Board Member, Yung, Moti, Editorial Board Member, Katsikas, Sokratis, editor, Cuppens, Frédéric, editor, Kalloniatis, Christos, editor, Mylopoulos, John, editor, Pallas, Frank, editor, Pohle, Jörg, editor, Sasse, M. Angela, editor, Abie, Habtamu, editor, Ranise, Silvio, editor, Verderame, Luca, editor, Cambiaso, Enrico, editor, Maestre Vidal, Jorge, editor, Sotelo Monge, Marco Antonio, editor, Albanese, Massimiliano, editor, Katt, Basel, editor, Pirbhulal, Sandeep, editor, and Shukla, Ankur, editor

Published
2023
Full Text
View/download PDF

31. Interference Distribution Prediction for Link Adaptation in Ultra-Reliable Low-Latency Communications

Author

Brighente, Alessandro, Mohammadi, Jafar, and Baracca, Paolo

Subjects
Electrical Engineering and Systems Science - Signal Processing, Computer Science - Information Theory, Statistics - Machine Learning
Abstract

The strict latency and reliability requirements of ultra-reliable low-latency communications (URLLC) use cases are among the main drivers in fifth generation (5G) network design. Link adaptation (LA) is considered to be one of the bottlenecks to realize URLLC. In this paper, we focus on predicting the signal to interference plus noise ratio at the user to enhance the LA. Motivated by the fact that most of the URLLC use cases with most extreme latency and reliability requirements are characterized by semi-deterministic traffic, we propose to exploit the time correlation of the interference to compute useful statistics needed to predict the interference power in the next transmission. This prediction is exploited in the LA context to maximize the spectral efficiency while guaranteeing reliability at an arbitrary level. Numerical results are compared with state of the art interference prediction techniques for LA. We show that exploiting time correlation of the interference is an important enabler of URLLC., Comment: IEEE VTC-Spring 2020; minor notation changes in Sections III-V

Published
2020

34. Machine Learning For In-Region Location Verification In Wireless Networks

Author

Brighente, Alessandro, Formaggio, Francesco, Di Nunzio, Giorgio Maria, and Tomasin, Stefano

Subjects
Electrical Engineering and Systems Science - Signal Processing
Abstract

In-region location verification (IRLV) aims at verifying whether a user is inside a region of interest (ROI). In wireless networks, IRLV can exploit the features of the channel between the user and a set of trusted access points. In practice, the channel feature statistics is not available and we resort to machine learning (ML) solutions for IRLV. We first show that solutions based on either neural networks (NNs) or support vector machines (SVMs) and typical loss functions are Neyman-Pearson (N-P)-optimal at learning convergence for sufficiently complex learning machines and large training datasets . Indeed, for finite training, ML solutions are more accurate than the N-P test based on estimated channel statistics. Then, as estimating channel features outside the ROI may be difficult, we consider one-class classifiers, namely auto-encoders NNs and one-class SVMs, which however are not equivalent to the generalized likelihood ratio test (GLRT), typically replacing the N-P test in the one-class problem. Numerical results support the results in realistic wireless networks, with channel models including path-loss, shadowing, and fading.

Published
2018

35. Location-Verification and Network Planning via Machine Learning Approaches

Author

Brighente, Alessandro, Formaggio, Francesco, Centenaro, Marco, Di Nunzio, Giorgio Maria, and Tomasin, Stefano

Subjects
Electrical Engineering and Systems Science - Signal Processing
Abstract

In-region location verification (IRLV) in wireless networks is the problem of deciding if user equipment (UE) is transmitting from inside or outside a specific physical region (e.g., a safe room). The decision process exploits the features of the channel between the UE and a set of network access points (APs). We propose a solution based on machine learning (ML) implemented by a neural network (NN) trained with the channel features (in particular, noisy attenuation values) collected by the APs for various positions both inside and outside the specific region. The output is a decision on the UE position (inside or outside the region). By seeing IRLV as an hypothesis testing problem, we address the optimal positioning of the APs for minimizing either the area under the curve (AUC) of the receiver operating characteristic (ROC) or the cross entropy (CE) between the NN output and ground truth (available during the training). In order to solve the minimization problem we propose a twostage particle swarm optimization (PSO) algorithm. We show that for a long training and a NN with enough neurons the proposed solution achieves the performance of the Neyman-Pearson (N-P) lemma., Comment: Accepted for Workshop on Machine Learning for Communications, June 07 2019, Avignon, France

Published
2018

38. Centralized and Distributed Sparsification for Low-Complexity Message Passing Algorithm in C-RAN Architectures

Author

Brighente, Alessandro and Tomasin, Stefano

Subjects
Computer Science - Information Theory
Abstract

Cloud radio access network (C-RAN) is a promising technology for fifth-generation (5G) cellular systems. However the burden imposed by the huge amount of data to be collected (in the uplink) from the radio remote heads (RRHs) and processed at the base band unit (BBU) poses serious challenges. In order to reduce the computation effort of minimum mean square error (MMSE) receiver at the BBU the Gaussian message passing (MP) together with a suitable sparsification of the channel matrix can be used. In this paper we propose two sets of solutions, either centralized or distributed ones. In the centralized solutions, we propose different approaches to sparsify the channel matrix, in order to reduce the complexity of MP. However these approaches still require that all signals reaching the RRH are conveyed to the BBU, therefore the communication requirements among the backbone network devices are unaltered. In the decentralized solutions instead we aim at reducing both the complexity of MP at the BBU and the requirements on the RRHs-BBU communication links by pre-processing the signals at the RRH and convey a reduced set of signals to the BBU., Comment: Accepted for pubblication in IEEE VTC 2017

Published
2017

39. Beamforming and Scheduling for mmWave Downlink Sparse Virtual Channels With Non-Orthogonal and Orthogonal Multiple Access

Author

Brighente, Alessandro and Tomasin, Stefano

Subjects
Computer Science - Information Theory
Abstract

We consider the problem of scheduling and power allocation for the downlink of a 5G cellular system operating in the millimeter wave (mmWave) band and serving two sets of users: fix-rate (FR) users typically seen in device-to-device (D2D) communications, and variable-rate (VR) users, or high data rate services. The scheduling objective is the weighted sum-rate of both FR and VR users, and the constraints ensure that active FR users get the required rate. The weights of the objective function provide a trade-off between the number of served FR users and the resources allocated to VR users. For mmWave channels the virtual channel matrix obtained by applying fixed discrete-Fourier transform (DFT) beamformers at both the transmitter and the receiver is sparse. This results into a sparsity of the resulting multiple access channel, which is exploited to simplify scheduling, first establishing an interference graph among users and then grouping users according to their orthogonality. The original scheduling problem is solved using a graph-coloring algorithm on the interference graph in order to select sub-sets of orthogonal VR users. Two options are considered for FR users: either they are chosen orthogonal to VR users or non-orthogonal. A waterfilling algorithm is then used to allocate power to the FR users., Comment: Accepted for publication on IEEE VTC 2017

Published
2017

40. Tell Me How You Re-Charge, I Will Tell You Where You Drove To: Electric Vehicles Profiling Based on Charging-Current Demand

Author

Brighente, Alessandro, Conti, Mauro, Sadaf, Izza, Goos, Gerhard, Founding Editor, Hartmanis, Juris, Founding Editor, Bertino, Elisa, Editorial Board Member, Gao, Wen, Editorial Board Member, Steffen, Bernhard, Editorial Board Member, Woeginger, Gerhard, Editorial Board Member, Yung, Moti, Editorial Board Member, Shulman, Haya, editor, and Waidner, Michael, editor

Published
2021
Full Text
View/download PDF

41. Multi-RIS Aided VLC Physical Layer Security for 6G Wireless Networks

Author

Soderi, Simone, Brighente, Alessandro, Xu, Saiqin, and Conti, Mauro

Abstract

Recent studies highlighted the advantages of Visible Light Communication (VLC) over radio technology for future 6G networks. Thanks to the use of Reflective Intelligent Surfaces (RISs), researchers showed that is possible to guarantee communication secrecy in a VLC network where the adversary location is unknown. However, the problem of authenticating the transmitter with a low-complexity physical layer solution while guaranteeing communication secrecy is still open. This paper proposes a novel multi-RIS architecture to guarantee source authentication, communication secrecy, and integrity in a VLC scenario. We leverage the intuition that a signal transmitted by users located in different positions will undergo a different propagation path to discriminate between the legitimate intended transmitter and an attacker. To increase the channel's variability and reduce the chances that an adversary might be able to replicate it, we leverage the reconfiguration capabilities of RIS. We derive a statistical characterization of the non-line-of-sight VLC channel, representing the light reflected by RIS elements. Via numerical simulations, we show that the channel variability combined with the configurability capabilities of RISs provide sufficient statistics to authenticate the legitimate transmitter at the physical layer.

Published
2024
Full Text
View/download PDF

42. Evaporative Angle: A Generative Approach to Mitigate Jamming Attacks in DOA Estimation

Author

Xu, Saiqin, Brighente, Alessandro, Conti, Mauro, Chen, Baixiao, and Wang, Shuo

Abstract

Current Direction of Arrival (DOA) estimation methods are unable to provide reliable estimates when faced with jamming attacks. To address this issue, we propose Direction of Arrival Estimation via Conditional Generative Adversarial Networks (DOA-CGAN), the first generative approach to remove the jamming component from the received signal covariance matrix. In our model, we input the received signal covariance matrix to an unsupervised generator that filters it to generate a matrix that can be deemed legitimate by a supervised discriminator. After training, we leverage the generator as a filter able to remove the jamming component from the received signal covariance matrix and feed its output to classical DOA estimation algorithms. Numerical results demonstrate that our proposed method delivers robust DOA estimation compared with other machine learning methods with a root mean squared error smaller than 0.2°.

Published
2024
Full Text
View/download PDF

50. BARON: Base-Station Authentication Through Core Network for Mobility Management in 5G Networks

Author

Lotto, Alessandro (author), Singh, Vaibhav (author), Ramasubramanian, Bhaskar (author), Brighente, Alessandro (author), Conti, M. (author), Poovendran, Radha (author), Lotto, Alessandro (author), Singh, Vaibhav (author), Ramasubramanian, Bhaskar (author), Brighente, Alessandro (author), Conti, M. (author), and Poovendran, Radha (author)

Abstract

Fifth-generation (5G) cellular communication networks are being deployed on applications beyond mobile devices, including vehicular networks and industry automation. Despite their increasing popularity, 5G networks, as defined by the Third Generation Partnership Project (3GPP), have been shown to be vulnerable against fake base station (FBS) attacks. An adversary carrying out an FBS attack emulates a legitimate base station by setting up a rogue base station. This enables the adversary to control the connection of any user equipment that (inadvertently) connects with the rogue base station. Such an adversary can gather sensitive information belonging to the user. While there is a large body of work focused on the development of tools to detect FBSs, the user equipment will continue to remain vulnerable to an FBS attack. In this paper, we propose BARON, a defense methodology to enable user equipment to determine whether a target base station that it is connecting to is legitimate or rogue. BARON accomplishes this by ensuring that the user receives an authentication token from the target base station which can be computed only by a legitimate and trusted entity. As a consequence, receiving such an authentication token from a base station ensures legitimacy of the base station. We evaluate BARON through extensive experiments on the handover process between base stations in 5G networks. Our experimental results show that BARON introduces an overhead of less than 1% during handover completion, which is 10000× lower than the overhead reported by a state-of-the-art method. BARON is also effective in thwarting an FBS attack and quickly recovering connection to a legitimate base station., Cyber Security

Published
2023
Full Text
View/download PDF

Catalog

Books, media, physical & digital resources
See catalog results