Mauro Conti

  • PhD in Computer Science
  • Professor (Full) at University of Padua

About

Publications: 862
Reads: 417,456
Citations: 26,881
Current institution: University of Padua
Current position: Professor (Full)

Publications (862)
Article
Full-text available
Wireless sensor networks (WSNs) consist of numerous small nodes that can sense, collect, and disseminate information for many different types of applications. One of these applications is subject tracking and monitoring, in which the monitored subjects often need protection. For instance, a WSN can be deployed to monitor the movement of a panda in...
Article
Full-text available
Many modern smartphones and car radios are shipped with embedded FM radio receiver chips. The number of devices with similar chips could grow very significantly if the U.S. Congress decides to make their inclusion mandatory in any portable device as suggested by organizations such as the RIAA. While the main goal of embedding these chips is to prov...
Conference Paper
Full-text available
Recent studies have shown that a significant number of mobile applications, often handling sensitive data such as bank accounts and login credentials, suffer from SSL vulnerabilities. Most of the time, these vulnerabilities are due to improper use of the SSL protocol (in particular, in its handshake phase), resulting in applications exposed to man...
Article
Full-text available
Smartphones are very effective tools for increasing the productivity of business users. With their increasing computational power and storage capacity, smartphones allow end users to perform several tasks and be always updated while on the move. Companies are willing to support employee-owned smartphones because of the increase in productivity of t...
Conference Paper
Full-text available
On-line Social Networks (OSNs) are increasingly influencing the way people communicate with each other and share personal, professional and political information. Like the cyberspace in Internet, the OSNs are attracting the interest of the malicious entities that are trying to exploit the vulnerabilities and weaknesses of the OSNs. Increasing repor...
Preprint
Full-text available
Despite being a legacy protocol with various known security issues, Controller Area Network (CAN) still represents the de-facto standard for communications within vehicles, ships, and industrial control systems. Many research works have designed Intrusion Detection Systems (IDSs) to identify attacks by training machine learning classifiers on bus t...
Article
Full-text available
Business modelling often involves extensive data collection and analysis, raising concerns about privacy infringement. Integrating Privacy Information Retrieval (PIR) mechanisms within business models is crucial to address privacy concerns, ensure compliance with regulations, safeguard sensitive data, and maintain trust with stakeholders; however,...
Preprint
Full-text available
Acoustic Side-Channel Attacks (ASCAs) extract sensitive information by using audio emitted from computing devices and their peripherals. Attacks targeting keyboards are popular and have been explored in the literature. However, similar attacks targeting other human interface peripherals, such as computer mice, are under-explored. To this end, thi...
Preprint
Full-text available
Remote Keyless Entry (RKE) systems have been the target of thieves since their introduction in the automotive industry. Robberies targeting vehicles and their remote entry systems are booming again without a significant advancement from the industrial sector being able to protect against them. Researchers and attackers continuously play cat and mouse t...
Preprint
Full-text available
The performance of distributed averaging depends heavily on the underlying topology. In various fields, including compressed sensing, multi-party computation, and abstract graph theory, graphs may be expected to be free of short cycles, i.e. to have high girth. Though extensive analyses and heuristics exist for optimising the performance of distrib...
Preprint
Full-text available
The rapid development of quantum computers threatens traditional cryptographic schemes, prompting the need for Post-Quantum Cryptography (PQC). Although the NIST standardization process has accelerated the development of such algorithms, their application in resource-constrained environments such as embedded systems remains a challenge. Automotive...
Preprint
Full-text available
Common Vulnerability and Exposure (CVE) records are fundamental to cybersecurity, offering unique identifiers for publicly known software and system vulnerabilities. Each CVE is typically assigned a Common Vulnerability Scoring System (CVSS) score to support risk prioritization and remediation. However, score inconsistencies often arise due to subj...
Preprint
In the era of data expansion, ensuring data privacy has become increasingly critical, posing significant challenges to traditional AI-based applications. In addition, the increasing adoption of IoT devices has introduced significant cybersecurity challenges, making traditional Network Intrusion Detection Systems (NIDS) less effective against evolvi...
Preprint
Full-text available
During criminal investigations, images of persons of interest directly influence the success of identification procedures. However, law enforcement agencies often face challenges related to the scarcity of high-quality images or their obsolescence, which can affect the accuracy and success of people searching processes. This paper introduces a nove...
Preprint
The widespread adoption of Android devices for sensitive operations like banking and communication has made them prime targets for cyber threats, particularly Advanced Persistent Threats (APT) and sophisticated malware attacks. Traditional malware detection methods rely on binary classification, failing to provide insights into adversarial Tactics,...
Article
Full-text available
Over the past three decades, standardizing organizations (e.g., the National Institute of Standards and Technology and Internet Engineering Task Force) have investigated the efficiency of cryptographic algorithms and provided (technical) guidelines for practitioners. For example, the (Datagram) Transport Layer Security "(D)TLS" 1.2/1.3 was design...
Preprint
Full-text available
Advancements in battery technology have accelerated the adoption of Electric Vehicles (EVs) due to their environmental benefits. However, their growing sophistication introduces security and privacy challenges. Often seen as mere operational data, battery consumption patterns can unintentionally reveal critical information exploitable for malicious...
Article
Integrating Artificial Intelligence (AI) into blockchain consensus, such as Proof-of-Learning and Proof of Useful Work, necessitates AI enablers. However, current consensus protocols cannot ensure AI enabler quality, crucial for AI-powered distributed blockchain and federated learning. Traditional consensus middleware between network and applicatio...
Preprint
Full-text available
Model selection is a fundamental task in Machine Learning (ML), focusing on selecting the most suitable model from a pool of candidates by evaluating their performance on specific metrics. This process ensures optimal performance, computational efficiency, and adaptability to diverse tasks and environments. Despite its critical role, its security f...
Preprint
Full-text available
Smart grids are critical for addressing the growing energy demand due to global population growth and urbanization. They enhance efficiency, reliability, and sustainability by integrating renewable energy. Ensuring their availability and safety requires advanced operational control and safety measures. Researchers employ AI and machine learning to...
Preprint
Full-text available
Federated Learning (FL) enables multiple users to collaboratively train a global model in a distributed manner without revealing their personal data. However, FL remains vulnerable to model poisoning attacks, where malicious actors inject crafted updates to compromise the global model's accuracy. These vulnerabilities are particularly severe in non...
Article
Full-text available
Decentralised learning has recently gained traction as an alternative to federated learning in which both data and coordination are distributed over its users. To preserve the confidentiality of users' data, decentralised learning relies on differential privacy, multi-party computation, or a combination thereof. However, running multiple privacy-pr...
Article
Federated Learning is an approach that enables multiple devices to collectively train a shared model without sharing raw data, thereby preserving data privacy. However, federated learning systems are vulnerable to data-poisoning attacks during the training and updating stages. Three data-poisoning attacks–label flipping, feature poisoning, and Vagu...
Article
The integration of Electric Vehicles (EVs) into the energynet, the network from power generation to EV charging station, presents a symbiotic relationship with potential benefits for sustainable and efficient transportation. However, the existing research has revealed challenges in maintaining an equilibrium between energy supply and demand, often...
Article
Full-text available
Crypto-ransomware attacks have been a growing threat over the last few years. The goal of every ransomware strain is encrypting user data, such that attackers can later demand a ransom from users for unlocking their data. To maximise their earning chances, attackers equip their ransomware with strong encryption which produces files with high entropy valu...
Article
Full-text available
The increasing complexity of modern software development necessitates tools and methodologies for code analysis, maintenance, and migration in multi-language Integrated Development Environments (IDEs). The security needs of the software development process also recently led to the introduction of the Software Bill of Materials (SBOM), which vendors...
Article
Full-text available
Digital identity has always been one of the keystones for implementing secure and trustworthy communications among parties. The ever-evolving digital landscape has undergone numerous technological transformations that have profoundly reshaped digital identity management, leading to a major shift from centralized to decentralized identity models. Th...
Article
The Android operating system restricts access to data by enabling data control flow and permission systems to reduce the risk of information theft. Therefore, attackers are constantly looking for alternative and stealthy approaches to exfiltrate private data from a targeted device. This paper presents CovertPower, a covert channel attack that exfiltrat...
Article
Smart contracts are integral to decentralized systems like blockchains and enable the automation of processes through programmable conditions. However, their immutability, once deployed, poses challenges when addressing errors or bugs. Existing solutions, such as proxy contracts, facilitate upgrades while preserving application integrity. Yet, prox...
Chapter
Federated Learning (FL) has achieved extensive adoption, especially in applications like healthcare and cyber-physical systems, serving as a protective measure for data while ensuring participant privacy. In FL, adversarial attacks present a considerable risk to both the integrity of the learning model and the privacy of the distributed data. The d...
Article
Virtualization can be defined as the backbone of cloud computing services, which has gathered significant attention from organizations and users. Due to the increasing number of cyberattacks, virtualization security has become a crucial area of study. In this paper, we propose an explainable and introspection-based malware detection approach called...
Article
Smart Parking Services (SPSs) enable cruising drivers to find the nearest parking lot with available spots, reducing the traveling time, gas, and traffic congestion. However, drivers risk the exposure of sensitive location data during parking query to an untrusted Smart Parking Service Provider (SPSP). Our motivation arises from a repetitive query...
Article
Full-text available
Recent studies highlighted the advantages of VLC over radio technology for future 6G networks. Thanks to the use of RISs, researchers showed that it is possible to guarantee communication secrecy in a VLC network where the adversary location is unknown. However, the problem of authenticating the transmitter with a low-complexity physical layer solutio...
Article
The Internet of Vehicles (IoV) faces significant challenges related to secure authentication, efficient communication, and privacy preservation due to the high mobility of vehicles, the need for real-time data processing, varying quality of communication links, and the diverse range of devices and protocols requiring interoperability. These challen...
Article
Full-text available
Malware has become a formidable threat as it has grown exponentially in number and sophistication. Thus, it is imperative to have a solution that is easy to implement, reliable, and effective. While recent research has introduced deep learning multi-feature fusion algorithms, they lack a proper explanation. In this work, we investigate the power of...
Preprint
Full-text available
Battery-powered embedded systems (BESs) have become ubiquitous. Their internals include a battery management system (BMS), a radio interface, and a motor controller. Despite their associated risk, there is little research on BES internal attack surfaces. To fill this gap, we present the first security and privacy assessment of e-scooters internals....
Preprint
Full-text available
Integrating modern communication technologies into legacy systems, such as Industrial Control Systems and in-vehicle networks, invalidates the assumptions of isolated and trusted operating environments. Security incidents like the 2015 Ukraine power grid attack and the 2021 compromise of a U.S. water treatment facility demonstrate how increased int...
Preprint
Full-text available
Billions of individuals engage with Online Social Networks (OSN) daily. The owners of OSN try to meet the demands of their end-users while complying with business necessities. Such necessities may, however, lead to the adoption of restrictive data access policies that hinder research activities from "external" scientists -- who may, in turn, resort...
Preprint
Full-text available
In the rapidly evolving landscape of cyber security, intelligent chatbots are gaining prominence. Artificial Intelligence, Machine Learning, and Natural Language Processing empower these chatbots to handle user inquiries and deliver threat intelligence. This helps make cyber security knowledge readily available to both professionals and the public. Trad...
Article
A secure Multi-Party Computation (MPC) is one of the distributed computational methods, where it computes a function over the inputs given by more than one party jointly and keeps those inputs private from the parties involved in the process. Randomization in secret sharing leading to MPC is a requirement for privacy enhancements; however, most of...
Article
In the Internet of Things era, the Internet demands extremely high-speed communication and data transformation. To this end, the tactile Internet has been proposed as a medium that provides the sense of touch ability, facilitating data transferability with extra-low latency in various applications ranging from industry, robotics, and healt...
Article
Current DOA estimation methods are unable to provide reliable estimates when faced with jamming attacks. To address this issue, we propose Direction of Arrival Estimation via Conditional Generative Adversarial Networks (DOA-CGAN), the first generative approach to remove the jamming component from the received signal covariance matrix. In our model,...
Article
Drones, also called Unmanned Aerial Vehicles (UAVs), have become more prominent in several applications such as package delivery, real-time object detection, tracking, traffic monitoring, security surveillance systems, and many others. As a key member of IoT, the group of Radio Frequency IDentification (RFID) technologies is referred to as Automatic...
Preprint
Full-text available
Digital identity has always been considered the keystone for implementing secure and trustworthy communications among parties. The ever-evolving digital landscape has undergone many technological transformations that have profoundly impacted digital identity management causing a first main shift from centralized to decentralized identity models. Th...
Preprint
Full-text available
Source Inference Attack (SIA) in Federated Learning (FL) aims to identify which client used a target data point for local model training. It allows the central server to audit clients' data usage. In cross-silo FL, a client (silo) collects data from multiple subjects (e.g., individuals, writers, or devices), posing a risk of subject information lea...
Preprint
Full-text available
Artificial Neural Networks (ANNs), commonly mimicking neurons with non-linear functions to output floating-point numbers, consistently receive the same signals of a data point during its forward time. Unlike ANNs, Spiking Neural Networks (SNNs) get various input signals in the forward time of a data point and simulate neurons in a biologically plau...
Preprint
The success of learning-based coding techniques and the development of learning-based image coding standards, such as JPEG-AI, point towards the adoption of such solutions in different fields, including the storage of biometric data, like fingerprints. However, the peculiar nature of learning-based compression artifacts poses several issues concern...
Preprint
Full-text available
The Software Supply Chain (SSC) security is a critical concern for both users and developers. Recent incidents, like the SolarWinds Orion compromise, proved the widespread impact resulting from the distribution of compromised software. The reliance on open-source components, which constitute a significant portion of modern software, further exacerb...
Article
Full-text available
Network traffic analysis is essential for enhancing network security and management. Integrating Machine Learning and Explainable Artificial Intelligence (XAI) offers a promising avenue for exploring darknet traffic. XAI’s integration into security domains paves the way to enriching our understanding of network traffic patterns and extracting valua...
Article
Artificial intelligence (AI)-based technologies are starting to be adopted in the industrial world in many different contexts and sectors, from health care to the automotive, from agriculture to the industrial. As such applications operate in sensitive contexts, it is natural to question: Are they cyber-secure? Can attackers exploit AI applications...
Preprint
Full-text available
Speaker identification (SI) determines a speaker's identity based on their spoken utterances. Previous work indicates that SI deep neural networks (DNNs) are vulnerable to backdoor attacks. Backdoor attacks involve embedding hidden triggers in DNNs' training data, causing the DNN to produce incorrect output when these triggers are present during in...
Article
Access control is an important security parameter in industrial networks; a mismanaged access control system leads to security breaches. The existing security solutions significantly consider the access control methods in the Industrial Internet of Things (IIoT); however, falsified identity can bypass the secure access control system. Thus, a centr...
Preprint
Full-text available
The Remote ID (RID) regulation recently introduced by several aviation authorities worldwide (including the US and EU) forces commercial drones to regularly (max. every second) broadcast plaintext messages on the wireless channel, providing information about the drone identifier and current location, among others. Although these regulations increas...
Article
The Internet of Things (IoT) is a network of interconnected objects, which congregate and exchange gigantic amounts of data. Usually, pre-deployed embedded sensors sense this massive data. Soon, several applications of IoT are anticipated to exploit emerging 6G technology. Healthcare is one of them, where the 6G-inspired paradigm may facilitate the...
Preprint
Full-text available
Despite its well-known security issues, the Controller Area Network (CAN) is still the main technology for in-vehicle communications. Attackers posing as diagnostic services or accessing the CAN bus can threaten the drivers' location privacy to know the exact location at a certain point in time or to infer the visited areas. This represents a serio...
Preprint
Full-text available
Generative models are gaining significant attention as potential catalysts for a novel industrial revolution. Since automated sample generation can be useful to solve privacy and data scarcity issues that usually affect learned biometric models, such technologies became widely spread in this field. In this paper, we assess the vulnerabilities of ge...
Preprint
Full-text available
The rise of IT-dependent operations in modern organizations has heightened their vulnerability to cyberattacks. As a growing number of organizations include smart, interconnected devices in their systems to automate their processes, the attack surface becomes much bigger, and the complexity and frequency of attacks pose a significant threat. Conseq...
Article
Full-text available
Corporate social media analysts break influencers into five tiers of increasing importance: Nano, Micro, Mid, Macro, and Mega. We perform a comprehensive study of TikTok influencers with two goals: (i) what factors distinguish influencers in each of these tiers from the adjacent tier(s)? (ii) of the features influencers can directly control ("actio...
Article
Full-text available
Malware remains a persistent threat to industrial operations, causing disruptions and financial losses. Traditional malware detection approaches struggle with the increasing complexity of false positives and negatives. However, existing Intrusion Detection Systems (IDSs) often lack the capability to assess the severity of detected malware, crucial...
Preprint
Full-text available
The smart grid represents a pivotal innovation in modernizing the electricity sector, offering an intelligent, digitalized energy network capable of optimizing energy delivery from source to consumer. It hence represents the backbone of the energy sector of a nation. Due to its central role, the availability of the smart grid is paramount and is he...
