
Gabriele Oligeri, PhD
Hamad bin Khalifa University | HBKU · College of Science and Engineering
Reads: 53,227 · Citations: 1,288
Publications (108)
Cyber Spectrum Intelligence (SpecInt) is emerging as a concept that extends beyond basic spectrum sensing and signal intelligence to encompass a broader set of capabilities and technologies aimed at monitoring the use of the radio spectrum and extracting information. SpecInt merges traditional spectrum sensing techniques with Artificial...
Detecting spoofing attacks to Low-Earth-Orbit (LEO) satellite systems is a cornerstone to assessing the authenticity of the received information and guaranteeing robust service delivery in several application domains. The solutions available today for spoofing detection either rely on additional communication systems, receivers, and antennas, or re...
Radio Frequency Fingerprinting (RFF) techniques allow a receiver to authenticate a transmitter by analyzing the physical layer of the radio spectrum. Although the vast majority of scientific contributions focus on improving the performance of RFF considering different parameters and scenarios, in this work, we consider RFF as an attack vector to id...
Image-based Radio Frequency Fingerprinting (RFF) is a promising variant of traditional RFF systems. As a distinctive feature, such systems convert Physical-layer signals into matrices resembling 2-D or 3-D images and consider the latter as the input for state-of-the-art image classifiers. Compared to traditional ones, image-based RFF systems have r...
Radio Frequency Fingerprinting (RFF) offers a unique method for identifying devices at the physical (PHY) layer based on their RF emissions due to intrinsic hardware differences. Nevertheless, RFF techniques depend on the ability to extract information from the PHY layer of the radio spectrum by resorting to Software Defined Radios (SDR). Previous...
MITRE ATT&CK is a comprehensive framework of adversary tactics, techniques and procedures based on real-world observations. It has been used as a foundation for threat modeling in different sectors, such as government, academia and industry. To the best of our knowledge, no previous work has been devoted to the comprehensive collection, study and i...
Radio Frequency fingerprinting enables a passive receiver to recognize and authenticate a transmitter without the need for cryptographic tools. Authentication is achieved by isolating specific features of the transmitted signal that are unique to the transmitter's hardware. Much research has focused on improving the effectiveness and efficiency of...
With the widespread adoption of drones in daily life, next-generation smart cities need to establish highways, i.e., trajectories where drones can fly and operate safely. However, due to the untrusted nature of their ecosystem, drones might misbehave and take disallowed trajectories, e.g., to reduce the time to fly to a destination, reduce energy c...
In the recent years, cyberattacks to smart grids are becoming more frequent. Among the many malicious activities that can be launched against smart grids, the False Data Injection (FDI) attacks have raised significant concerns from both academia and industry. FDI attacks can affect the (internal) state estimation process—critical for smart grid mon...
The current state of the art on jamming detection relies on link-layer metrics. A few examples are the bit-error rate (BER), the packet delivery ratio, the throughput, and the signal-to-noise ratio (SNR). As a result, these techniques can only detect jamming ex-post, i.e., once the attack has already taken down the communication link. These solutio...
Detecting spoofing attacks on a satellite infrastructure is a challenging task, due to the wide coverage, the low received power from the satellite beams and finally the opportunistic nature of radio broadcasting. Although message authentication can be implemented at several communication layers, only a few solutions have been provided at the physi...
While various methods exist to implement message authentication in different communication layers, the physical layer offers some unique and beneficial features for this purpose. Existing solutions authenticate transmitters at the physical layer by merging deep learning with physical-layer attributes, protecting against impersonation attacks. This...
Remote ID (RID) regulations soon applicable worldwide force drones to broadcast plaintext wireless messages providing, among others, their current location. However, malicious drone operators who want to stay stealthy might disclose RID messages carrying out location spoofing attacks, i.e., report forged locations, different from the actual ones. I...
LoRa technology, widely used in the Internet of Things (IoT) domain, faces challenges with traditional cryptographic authentication methods due to power constraints and computing overhead. Radio Frequency Fingerprinting (RFFI) emerges as a low-cost, low-power solution. In this paper, we propose a novel RFFI method for authenticating LoRa devices, w...
The security and privacy of wireless channels is typically enforced by leveraging cryptographic tools. However, there are scenarios where these methods are unfit, such as in resource-constrained environments, i.e., Internet of Things (IoT), or when an extra layer of security is needed. A promising solution involves correlating air pressure (baromet...
MITRE ATT&CK is a comprehensive framework of adversary tactics, techniques and procedures based on real-world observations. It has been used as a foundation for threat modelling in different sectors, such as government, academia and industry. To the best of our knowledge, no previous work has been devoted to the comprehensive collection, study and...
In the recent years, cyberattacks to smart grids are becoming more frequent. Among the many malicious activities that can be launched against smart grids, False Data Injection (FDI) attacks have raised significant concerns from both academia and industry. FDI attacks can affect the (internal) state estimation process, critical for smart grid monitoring and c...
The current state of the art on jamming detection relies on link-layer metrics. A few examples are the bit-error rate, the packet delivery ratio, the throughput, and the increase of the signal-to-noise ratio. As a result, these techniques can only detect jamming ex-post, i.e., once the attack has already taken down the communication link. These sol...
The performance of Radio Frequency (RF) fingerprinting techniques is negatively impacted when the training data is not temporally close to the testing data. This can limit the practical implementation of physical-layer authentication solutions. To circumvent this problem, current solutions involve collecting training and testing datasets at close t...
Physical-layer information associated with wireless communications is a trove of data, that can be leveraged by several research communities, e.g., networking and security. Indeed, such information (IQ samples) represents the signal at the very beginning of the receiver chain, just after the demodulation, and they embed valuable information about b...
Traditional jamming detection techniques, adopted in static networks, require the receiver (under jamming) to infer the presence of the jammer by measuring the effects of the jamming activity (packet loss and received signal strength), thus resulting only in a-posteriori analysis. However, in mobile scenarios, receivers (e.g., drones, vehicles, etc...
MITRE ATT&CK is a comprehensive knowledge-base of adversary tactics, techniques, and procedures (TTP) based on real-world attack scenarios. It has been used in different sectors, such as government, academia, and industry, as a foundation for threat modeling, risk assessment, and defensive strategies. There are valuable insights within MITRE ATT&CK...
Wireless enabling technologies in critical infrastructures are increasing the efficiency of communications. Most of these technologies are vulnerable to jamming attacks. Jamming attacks are among the most effective countermeasures to attack and compromise their availability. Jamming is an interfering signal that limits the intended receiver from co...
Physical-layer security is regaining traction in the research community, due to the performance boost introduced by deep learning classification algorithms. This is particularly true for sender authentication in wireless communications via radio fingerprinting. However, previous research mainly focused on terrestrial wireless devices while, to the...
The broadcast nature of wireless communications makes them vulnerable to denial-of-service attacks. Indeed, an adversary can prevent the reception of wireless messages by transmitting signals with high power over the same frequency of the considered channel. This paper presents an experimental dataset of real-world indoor communication scenarios af...
Classifying a weapon based on its muzzle blast is a challenging task that has significant applications in various security and military fields. Most of the existing works rely on ad-hoc deployment of spatially diverse microphone sensors to capture multiple replicas of the same gunshot, which enables accurate detection and identification of the acou...
Modern vehicular systems rely on the Global Positioning System (GPS) technology to provide accurate and timely services. However, the GPS has been proved to be characterized by an intrinsic insecure design, thus being subject to several security attacks. Current solutions can reliably detect GPS spoofing attacks leveraging the physical features of...
Current commercial and research solutions for drones' detection do not make any assumption on the scenario deployment, as well as the unique mobility pattern associated with the drone's trajectory. Indeed, drones' trajectory is different from the one of people moving at the ground level, being independent of roads layout and obstacles on their path...
Fake news propagation is a complex phenomenon influenced by a multitude of factors whose identification and impact assessment is challenging. Although many models have been proposed in the literature, the one capturing all the properties of a real fake-news propagation phenomenon is inevitably still missing. Modern propagation models, mainly inspir...
Jamming is a malicious radio activity that represents a dreadful threat when employed in critical scenarios. Several techniques have been proposed to detect, locate, and mitigate jamming. Similarly, counter-counter-jamming techniques have been devised. This paper belongs to the latter thread. In particular, we propose a new jammer model: a power-mo...
This paper presents a low-complexity noise reduction scheme for orthogonal frequency-division multiplexing (OFDM)-based power line communication (PLC) systems. The solution exploits the positive time-correlation between the subcarrier noise magnitudes and phases. More specifically, we performed field measurements of PLC noise conducted in seven div...
Assisted navigation applications have a relevant impact on our daily life. However, technological progress in virtualization technologies and Software-Defined Radios recently enabled new attack vectors, namely, road traffic poisoning. These attacks open up several dreadful scenarios, which are addressed in this contribution by identifying the assoc...
The massive deployment of IoT devices being utilized by home automation, industrial and military scenarios demands for high security and privacy standards to be achieved through innovative solutions. This paper proposes KaFHCa, a crypto-less protocol that generates shared secret keys by combining random frequency hopping collisions and source indis...
Noise modeling in power line communications has recently drawn the attention of researchers. However, when characterizing the noise process in narrowband communications, previous works have only focused on small-scale phenomena involving fine-grained details. Nevertheless, the communication link's reliability is also affected by long-term noise phe...
We present a new machine learning-based attack that exploits network patterns to detect the presence of smart IoT devices and running services in the WiFi radio spectrum. We perform an extensive measurement campaign of data collection, and we build up a model describing the traffic patterns characterizing three popular IoT smart home devices, i.e.,...
Cryptojacking occurs when an adversary illicitly runs crypto-mining software over the devices of unaware users. This novel cybersecurity attack, that is emerging in both the literature and in the wild, has proved to be very effective given the simplicity of running a crypto-client into a target device. Several countermeasures have recently been pro...
Physical-layer security is regaining traction in the research community, due to the performance boost introduced by deep learning classification algorithms. This is particularly true for sender authentication in wireless communications via radio fingerprinting. However, previous research efforts mainly focused on terrestrial wireless devices while,...
Universal Serial Bus (USB) Flash Drives are nowadays one of the most convenient and diffused means to transfer files, especially when no Internet connection is available. However, USB flash drives are also one of the most common attack vectors used to gain unauthorized access to host devices. For instance, it is possible to replace a USB drive so t...
Noise modeling in power line communications has recently drawn the attention of researchers. However, when characterizing the noise process in narrowband communications, previous works have only focused on small-scale phenomena involving fine-grained details. Nevertheless, the reliability of the communication link is also affected by long-term nois...
In this paper, we study the privately-owned IRIDIUM satellite constellation, to provide a location service that is independent of the GNSS. In particular, we apply our findings to propose a new GNSS spoofing detection solution, exploiting unencrypted IRIDIUM Ring Alert (IRA) messages that are broadcast by IRIDIUM satellites. We firstly reverse-engine...
Universal Serial Bus (USB) Flash Drives are nowadays one of the most convenient and diffused means to transfer files, especially when no Internet connection is available. However, USB flash drives are also one of the most common attack vectors used to gain unauthorized access to host devices. For instance, it is possible to tamper with or replace a...
Navigation software apps have a huge impact on the daily commuting of people, by affecting both their estimated time of arrival and the traversed path. Indeed, such apps infer the current state of the road by relying on several information such as the position of the devices and their speed. The technological advancements in two independent fields,...
We propose JAM-ME, an autonomous jamming-assisted navigation system that allows a drone to accomplish its mission even in the presence of an anti-drone jamming protection system. In this contribution, we review the current state-of-the-art highlighting how current solutions to respond to drones are completely ineffective against JAM-ME. In particul...
We propose Picking a Needle in a Haystack (PiNcH), a methodology to detect the presence of a drone, its current status, and its movements by leveraging just the communication traffic exchanged between the drone and its Remote Controller (RC). PiNcH is built applying standard classification algorithms to the eavesdropped traffic, analyzing features...
A new cybersecurity attack, where an adversary illicitly runs crypto-mining software over the devices of unaware users, is emerging in both the literature and in the wild. This attack, known as cryptojacking, has proved to be very effective given the simplicity of running a crypto-client into a target device. Several countermeasures have recently b...
In this paper, we show, for the first time in the literature, that the common assumption that jamming is an effective way to neutralise drones, is false. In particular, we propose JAM-ME a solution that allows the drone to exploit an adversarial jamming signal to implement an emergency but yet effective navigation system, enabling the drone to acco...
Wireless devices resorting to event-triggered communications have been proved to suffer critical privacy issues, due to the intrinsic leakage associated with radio frequency emissions. In this paper, we move the attack frontier forward by proposing BrokenStrokes: an inexpensive, easy to implement, efficient, and effective attack able to detect the...
We propose a methodology to detect the current status of a powered-on drone (flying or at rest), leveraging just the communication traffic exchanged between the drone and its Remote Controller (RC). Our solution, other than being the first of its kind, does not require either any special hardware or to transmit any signal; it is built applying stan...
The Global Positioning System (GPS) has been proved to be exposed to several cybersecurity attacks, due to its intrinsic insecure design. GPS spoofing is one of the easiest, cheapest, and most dreadful attacks that can be delivered: fake GPS signals can be sent to a target device and make it move according to a pre-computed path. Although some propo...
Establishing confidentiality between communicating peers is still an issue in contexts where solutions based on asymmetric keys are not viable, such as in dynamic Internet of Things (IoT) systems made up of heterogeneous and resource constrained devices. From the current literature, channel anonymity emerges as a promising methodology able to supp...
We propose PiNcH, a methodology to detect the presence of a drone and its current status leveraging just the communication traffic exchanged between the drone and its Remote Controller (RC). PiNcH is built applying standard classification algorithms to the eavesdropped traffic, analyzing features such as packets inter-arrival time and size. PiNcH d...
A Remote Keyless Systems (RKS) is an electronic lock that controls access to a building or a vehicle without using a traditional mechanical key. Although RKS have become more and more robust over time, in this paper we show that specifically designed attack strategies are still effective against them. In particular, we show how RKS can be exploite...
We propose Strength of Crowd (SoC), a distributed Internet of Things (IoT) protocol that guarantees message broadcast from an initiator to all network nodes in the presence of either a reactive or a proactive jammer, that targets a variable portion of the radio spectrum. SoC exploits a simple, yet innovative and effective idea: nodes not (currently...
We propose GopJam, a solution to thwart jamming from a network perspective. GopJam combines a keyless approach with a gossip-based diffusion of the information to be broadcast. To the best of our knowledge, we are the first ones to leverage these two features at the same time. Our contributions are manifold: first, we provide a theoretical model fo...