Gianluca Dini

• PhD in Computer Engineering
• Professor (Full) at University of Pisa

Despite the many consensus algorithms being used in blockchains, proof of work (PoW) is still the most common nowadays. The state-of-the-art mining strategy for PoW-based blockchain protocols consists of including as many transactions as possible in a block to maximize the block reward. Unfortunately, this strategy maximizes the block orphaning pro...

In systems in which many heterogeneous agents operate autonomously, with competing goals and without a centralized planner or global information repository, safety and performance can only be guaranteed by “social” rules imposed on the behavior of individual agents. Social laws are structured in a way that they can be verified just by using local i...

Purpose Information security awareness (ISA) mainly refers to those aspects that need to be addressed to effectively respond to information security challenges. This research used focus groups to empirically investigate the main ISA dimensions that emerge from the Italian public health-care sector. This study aims to identify the most critical dime...

The Firmware Over-The-Air (FOTA) technology aims at updating the firmware of mobile computing devices via wireless. In the automotive industry, FOTA can keep the firmware of the various electronic controllers up-to-date without any manual intervention, so that to improve the operational performance and quickly fix the security vulnerabilities of ve...

Lo Smart-Working, soprattutto dopo la pandemia causata da Covid-19, è diventato una modalità lavorativa molto diffusa. A fronte degli innegabili vantaggi, esistono anche formidabili sfide da affrontare, tra cui la cybersecurity. Oltre alle soluzioni tecnologiche, la cyber awareness e la cyber organizational culture si attestano come approccio integ...

I più recenti ed autorevoli report in tema di cybersecurity sottolineano come gli attacchi informatici, se pur diretti a tutti i tipi di organizzazioni, sono particolarmente indirizzati verso quelle piccole e molto piccole. Nonostante ciò, il livello di preparazione delle Piccole e Medie Imprese (PMI) Italiane in tema di cybersecurity è ad oggi poc...

To maintain a secured, universal state of a blockchain, Proof-of-Work consensus algorithms economically incentivize miners to compete for block creation through hashing-based challenge solving. Nowadays, the default mining strategy consists in including as many transactions as possible in a block so as to maximize the block reward. Unfortunately, t...

Le organizzazioni non fanno abbastanza per affrontare le minacce informatiche. Mancano competenze e risorse, ma soprattutto la consapevolezza del rischio. Uno strumento permette di valutare il grado di preparazione e migliorare le competenze.

The Internet of Things (IoT) is an information service paradigm based on the integration of smart objects, mobile devices, and computers via the Internet. IoT technologies are key enablers for a multitude of applications in diverse fields, such as digital health, smart city, industrial automation, and supply chain. This raises new security and priv...

Regulating the access to the Internet of Things (IoT) network’s resources is a complex-prone task, which requires to pay a great attention on how policies are defined, shared, and enforced. The present paper considers the specific context of a smart home, which represents one of the main IoT application domains, and it focuses on two solutions prop...

When designing Wireless Sensor Networks it is important to analyze their security risks and provide adequate solutions for protecting them from malicious attacks. Unfortunately, perfect security cannot be achieved, for performance reasons. Therefore, designers have to devise security priorities, and select security mechanisms accordingly. However,...

This paper describes the SAPIENT system, a real-time monitoring and control infrastructure for Air Traffic Man-agement. Within the latter, aircrafts constantly measure the state and quality of their datalinks, and report these measurements to a ground entity, tagging them with a time/space reference. The ground entity, then, builds a map of the mon...

Information technologies are nowadays part of industrial systems. Employees in charge of managing these systems typically have little or very little knowledge of cybersecurity. In this work we initially explore the challenges related to cybersecurity training in industrial systems and then we propose an approach based on CYBERWISER.eu cyber range p...

Attribute-Based Encryption (ABE) is an emerging cryptographic technique that allows one to embed a fine-grained access control mechanism into encrypted data. In this paper we propose a novel ABE scheme called SEA-BREW (Scalable and Efficient Abe with Broadcast REvocation for Wireless networks), which is suited for Internet of Things (IoT) and Indus...

Lately, many cloud-based applications proposed attribute-based encryption (ABE) as an all-in-one solution for achieving confidentiality and access control. Within this paradigm, data producers store the encrypted data on a semi-trusted cloud server, and users, holding decryption keys issued by a key authority, can decrypt data according to some acc...

Variable renewable energy sources are continuously increasing their share in the world energy mix. However, their uncertainty has a deep impact in the electric grid safe operation. One of the most promising solutions to tackle such challenge at a distribution grid level consists of quasi-real-time, peer-to-peer electricity markets. These can use th...

Attribute-Based Encryption (ABE) is an emerging cryptographic technique that allows one to embed a fine-grained access control mechanism into encrypted data. In this paper we propose a novel ABE scheme called SEA-BREW (Scalable and Efficient Abe with Broadcast REvocation for Wireless networks), which is suited for Internet of Things (IoT) and Indus...

This paper aims to show that it is possible to improve security for over the air update functionalities in an automotive scenario through the use of a cryptographic scheme, called “Attribute-Based-Encryption” (ABE), which grants confidentiality to the software/firmware update done Over The Air (OTA). We demonstrate that ABE is seamlessly integrable...

With reference to the MeSmart project, the Municipality of Messina is making a great investments to deploy several types of cameras and digital devices across the city for carrying out different tasks related to mobility management, such as traffic flow monitoring, number plate recognition, video surveillance etc. To this aim, exploiting specific d...

A string inverter converts the low voltage direct current coming from the string of its Photovoltaic (PV) panels into alternating current to be exported to the grid. In today Smart Grid’s context, PV plants feature clusters of cooperating smart string inverters that exchange information in a multicast fashion (typically) over the Internet Protocol...

This paper presents GREP, a novel group rekeying scheme that leverages the history of join events in order to achieve efficiency and high scalability. GREP rekeys the group with only two broadcast messages, hence displaying an overhead which is small, constant and independent of the group size. Also, GREP efficiently recovers the group from collusi...

Wireless Sensor and Actuator Networks (WSANs) will represent a key building block for the future Internet of Things, as a cheap and easily-deployable technology to connect smart devices on a large scale. In WSAN the Routing Protocol for Low-Power and Lossy Networks (RPL) has a crucial role as the standard IPv6-based routing protocol. RPL specificat...

In the near future, a technological revolution will involve our cities, where a variety of smart services based on the Internet of Things will be developed to facilitate the needs of the citizens. Sensing devices are already being deployed in urban environments, and they will generate huge amounts of data. Such data is typically outsourced to some...

Distributed ledgers allow us to replicate databases of records across mutually untrusted parties. The best known example of distributed ledger is perhaps the Bitcoin blockchain, which maintains a consistent history of financial transactions organized as a hashed chain of blocks. Distributed ledgers can be public, i.e., accessible by everyone, or pr...

This chapter presents SEA++, a simulation framework that extends OMNeT++ and the INET Framework for evaluating the impact of security attacks on networks and applications in a flexible and user-friendly way. To this end, SEA++ relies on two fundamental building blocks. First, the user describes the attacks to be evaluated by using a high-level Atta...

The MAC standard amendment IEEE 802.15.4e is designed to meet the requirements of industrial and critical applications. In particular, the Time Slotted Channel Hopping (TSCH) mode divides time into periodic, equally sized, slotframes composed of transmission timeslots. Then, it combines time slotted access with multichannel and channel hopping capa...

This paper presents an approach for enhancing the design phase of AUTOSAR models when security annotations are required. The approach is based on information flow analysis and abstract interpretation. The analysis evaluates the correctness of the model by assessing if the flow of data is secure with respect to causal data dependencies within the mo...

In the near future, a technological revolution will involve our cities, where a variety of smart services based on the Internet of Things will be developed to facilitate the needs of the citizens. Sensing devices are already being deployed in urban environments, and they will generate huge amounts of data. Such data are typically outsourced to some...

The SESAR (Single European Sky ATM Research) Exploratory Research project called SAPIENT (Satellite and terrestrial architectures improving performance, security and safety in ATM) is a program of the SESAR Joint Undertaking under the European Union’s Horizon 2020 research and innovation programme under grant agreement 699328 [1][2]. It aims at def...

Wireless Sensor and Actuator Networks (WSANs) will represent a key building block for the future Internet of Things, as a cheap and easily-deployable technology to connect smart devices on a large scale. In WSAN implementation, the Routing Protocol for Low-Power and Lossy Networks (RPL) has a crucial role as the standard IPv6-based routing protocol...

The capability to verify positions reported by devices is called secure location verification. The majority of the proposed solutions entail the use of many fixed anchors often along with special hardware, e.g., ultra-wideband and ultrasonic transceivers. However, the deployment and maintenance costs of such solutions make them scarcely attractive....

Recent standardization efforts are consolidating the role of RPL as the standard routing protocol for IPv6-based Wireless Sensor and Actuator Networks (WSANs). Investigating possible attacks against RPL is a top priority to improve the security of the future Internet of Things (IoT) systems. In this paper, we present the DIO suppression attack, a n...

The AUTOSAR standard acknowledges the need for improved security in automotive communications by providing a set of standard modules for encryption and authentication, to ensure confidentiality and integrity. However, these modules are not currently matched by corresponding models for security at the application level, and their use is somewhat in...

With reference to a distributed architecture consisting of sensor nodes connected by wireless links in an arbitrary network topology, we consider a segment-oriented implementation of the single address space paradigm of memory reference. In our approach, applications consist of active entities called components, which are distributed in the network...

With reference to a distributed architecture consisting of sensor nodes connected by wireless links in an arbitrary network topology, we consider a segment-oriented implementation of the single address space paradigm of memory reference. In our approach, applications consist of active entities called components, which are distributed in the network...

To address the heterogeneity and scalability issues of simulating Cooperating Objects (COs) systems, we propose Kassandra, a conceptual framework for enabling distributed COs simulation by integrating existing simulation tools. Moreover, Kassandra exploits the communication middleware used by real-world COs as underlying communication mechanism for...

In this paper, we study the sensor localization problem using a drone. Our goal is to localize each sensor in the deployment area ensuring a predefined localization precision, i.e., a bound on the position error, whatever is the drone's altitude. We show how to guarantee a-priori the precision localization by satisfying few conditions. Such conditi...

Many dependable systems rely on the integrity of the position of their components. In such systems, two key problems are secure localization and secure location verification of the components. Researchers proposed several solutions, which generally require expensive infrastructures of several fixed stations (anchors) with trusted positions. In this...

Software Defined Networking (SDN) has been recently introduced as a new communication paradigm in computer networks. By separating the control plane from the data plane and entrusting packet forwarding to straightforward switches, SDN makes it possible to deploy and run networks which are more flexible to manage and easier to configure. This paper...

Wireless sensor networks enable a wealth of new applications in areas such as military, medical, environmental, transportation, smart city, and so on. In many of these scenarios, we need to measure in a secure way the positions of the sensors. Existing range-based techniques for secure positioning require a burdensome infrastructure, with many fixe...

Distance bounding protocols make it possible to determine a trusted upper bound on the distance between two devices. Their key property is to resist reduction attacks, i.e., attacks aimed at reducing the distance measured by the protocol. Recently, researchers have also focused on enlargement attacks, aimed at enlarging the measured distance. Provi...

The increasing complexity and autonomy of modern automotive systems, together with the safety-sensitive nature of many vehicle information flows require a careful analysis of the security requirements and adequate mechanisms for ensuring integrity and confidentiality of data. This is especially true for (semi-)autonomous vehicle systems, in which u...

Android applications (apps) pose many risks to their users, e.g., by including code that may threaten user privacy or system integrity. Most of the current security countermeasures for detecting dangerous apps show some weaknesses, mainly related to users’ understanding and acceptance. Hence, users would benefit from an effective but simple techniq...

Android users are constantly threatened by an increasing number of malicious applications (apps), generically called malware. Malware constitutes a serious threat to user privacy, money, device and file integrity. In this paper we note that, by studying their actions, we can classify malware into a small number of behavioral classes, each of which...

ICT is becoming a fundamental and pervasive component of critical infrastructures (CIs). Despite the advantages that it brings about, ICT also exposes CIs to a number of security attacks that can severely compromise human safety, service availability and business interests. Although it is vital to ensure an adequate level of security, it is practic...

Time Division Multiple Access (TDMA) is often used in Wireless Sensor Networks (WSNs), especially for critical applications, as it provides high energy efficiency, guaranteed bandwidth, bounded and predictable latency, and absence of collisions. However, TDMA is vulnerable to selective jamming attacks. In TDMA transmission, slots are typically pre-...

Many dependable systems rely implicitly on the integrity of the positions of their components. For example, let us consider a sensor network for pollution monitoring: it is sufficient that a hostile actor physically moves some sensors to completely disrupt the monitoring. In such scenarios, a key question is: how to securely verify the positions of...

Location-based services rise high privacy concerns because they make it possible to collect and infer sensitive information from a person’s positions and mobility traces. Many solutions have been proposed to safeguard the users’ privacy, at least to a certain extent. However, they generally lacking convincing experimental validation with real human...

With reference to a distributed architecture consisting of sensor nodes connected in a wireless network, we present a model of a protection system based on segments and applications. An application is the result of the joint activities of a set of cooperating nodes. A given node can access a segment stored in the primary memory of a different node...

Critical infrastructures require protection systems that are both flexible and efficient. Flexibility is essential to capture the multi-organizational and state-based nature of these systems, efficiency is necessary to cope with limitations of hardware resources. To meet these requirements, we consider a classical protection environment featuring s...

The success of location-based services is growing together with the diffusion of GPS-equipped smart devices. As a consequence, privacy concerns are raising year by year. Location privacy is becoming a major interest in research and industry world, and many solutions have been proposed for it. One of the simplest and most flexible approaches is obfu...

Nowadays, wireless sensor networks (WSNs) are used in a wide range of application scenarios ranging from structural monitoring to health-care, from surveillance to industrial automation. Most of these applications require forms of secure communication. On the other hand, security has a cost in terms of reduced performance. In this paper we refer to...

The amount of Wireless Sensor Network applications requiring security is getting higher and higher and also developers that are not security experts are often required to secure their applications. Many times they do it without any consciousness of the security performance trade-off arisen by this operation.In this paper we present a method for per...

Security is getting an ever increasingly important issue in cyber-physical systems comprising autonomous systems. However, it is not possible to defend from all possible attacks for cost and performance reasons. An attack ranking is thus necessary. We propose a simulative framework that makes it possible to rank attacks according to their impact. W...

Security for mobile devices is a problem of capital importance, especially due to new threats coming from malicious applications. This has been proved by the increasing interest of the research community on the topic of security on mobile devices. Several security solutions have been recently proposed, to address the uprising threats coming from ma...

With reference to a network consisting of sensor nodes connected by wireless links, we approach the problem of the distribution of the cryptographic keys. We present a solution based on communication channels connecting sequences of adjacent nodes. All the nodes in a channel share the same key. This result is obtained by propagating the key connect...

Downloading software via Web is a major solution for publishers to deliver their software products. In this context, user interfaces for software downloading play a key role. Actually, they have to allow usable interactions as well as support users in taking conscious and coherent decisions about whether to accept to download a software product or...

Distance-bounding protocols are able to measure a secure upper bound to the distance between two devices. They are designed to resist to reduction attacks, whose objective is reducing the measured distance. In this paper we focus on the opposite problem, the enlargement attack, which is aimed at enlarging the measured distance. We analyze the feasi...

This paper addresses the problem of detecting possible intruders in a group of autonomous robots which coexist in a shared environment and interact with each other according to a set of common rules. We consider intruders as robots which misbehave, i.e. do not follow the rules, because of either spontaneous failures or malicious reprogramming. Our...

The IEEE 802.15.4 standard allows devices to access the medium not only in contention mode but also in a contention-free way, in order to support quality of service (QoS). In contention-free mode, devices access the medium according to the guaranteed time slot (GTS) mechanism, which is vulnerable to the selective jamming attack. This is a particula...

Wireless Sensor Networks (WSNs) are frequently adopted in industrial applications. However, they are particularly prone to cyber-physical attacks. Since addressing all possible attacks is not viable, due to performance and economic reasons, it is vital to choose which attacks to address and which countermeasures to adopt. Hence, a quantitative anal...

We propose PICARD (ProbabIlistic Contract on Android), a framework to generate probabilistic contracts to detect repackaged applications for Android smart phones. A contract describes the sequences of actions that an application is allowed to perform at run-time, i.e. its legal behavior. In PICARD, contracts are generated from the set of traces tha...

Wireless Sensor Networks (WSNs) are currently used in many application scenarios, including industrial applications and factory automation. In such scenarios, Time Division Multiple Access (TDMA) is typically used for data communication among sensor nodes. However, TDMA-based WSNs are particularly prone to Selective Jamming attack, a specific form...

New generation mobile devices, and their app stores, lack of a methodology to associate a level of trust to applications to faithfully represent their potential security risks. This problem is even more critical with newly published applications, for which either user reviews are missing or the number of downloads is still low. In this scenario, us...

An accurate planning and dimensioning of the network parameters and resources is paramount for the overall system to behave as expected. This is particularly important when there are more demanding quality-of-service requirements to be met, namely related to the correct and timely execution of the tasks and transmission of messages. This chapter ou...

This chapter presents the most important features of the IEEE 802.15.4 and ZigBee protocols. It particularly focuses on the Data Link and Network Layers, which are the most relevant in the context of this book. Finally, a brief discussion on the issues that the standards still leave open is presented. A possible set of solutions to those problems w...

The first part of this chapter provides an overview of an open source IEEE 802.15.4-2006 MAC implementation for the TinyOS 2 operating system. It discusses the design challenges, describes the functional decomposition of the implementation and explains what steps were necessary for the implementation to meet TinyOS 2 requirements. In the second par...

Similarly to the previous one, this chapter focuses on several amendments to the ZigBee network layer, as proposed by the standard. In particular, a cluster scheduling solution is proposed and paramount to achieve networking at larger scales, while still be able to meet the quality of service requirements. Then new routing algorithms are proposed b...

In this chapter, EMMON [1, 2], a system architecture for large-scale, dense, real-time embedded monitoring is outlined. EMMON provides a hierarchical communication architecture together with integrated middleware (MW) and command and control (C&C) software. It has been designed to use standard commercially-available technologies, while maintaining...

This chapter proposes an extension of our preliminary work [1] to address COTS-based accurate and scalable Structural Health Monitoring (SHM) systems by means of WSN, trying to overcome most if not all of the limitations identified in this field, namely by: (i) using adequate synchronization between all nodes in the network; (ii) relying on standar...

Moving from a still on-going work [1], this section reports the progress being developed towards energy-efficient operations and the integrated management of cyber and physical aspects of data centers. In particular, an integrated system composed by wired and wireless sensors is presented: it monitors power consumptions of the servers and environme...

This chapter presents specific amendments to the IEEE 802.15.4, so that some of the open issues that have been previously identified. In particular, a new implicit GTS allocation mechanism (i-GAME) is proposed that over performs the default one. Then, a node grouping mechanism (H-NAMe) is proposed so that the hidden nodes problem is mitigated and c...

This Chapter provides an overview of the performance limits of the 15.4 and ZigBee custer-tree protocols, building on the models and tools that have been presented in Chap. 3. A thorough performance analysis permitted to identify some limitations in the standard protocols, some of which we resolve with the add-ons that are presented in the second p...