Savio Sciancalepore

Savio Sciancalepore
Eindhoven University of Technology | TUE · Department of Mathematics and Computer Science

PhD

About

72
Publications
27,435
Reads
How we measure 'reads'
A 'read' is counted each time someone views a publication summary (such as the title, abstract, and list of authors), clicks on a figure, or views or downloads the full-text. Learn more
698
Citations
Introduction
Savio Sciancalepore is currently Assistant Professor at Eindhoven University of Technology (TU/e), Netherlands. Savio does research in Computer Science and Telecommunications Engineering, with specific focus on network security issues in wireless networks, Internet of Things (IoT), and Cyber-Physical Systems.
Additional affiliations
October 2017 - October 2020
Hamad bin Khalifa University
Position
  • PostDoc Position
Description
  • Wireless Network Security; Avionic Security; Critical Infrastructure Security; Maritime Cybersecurity
November 2015 - February 2016
University of Ljubljana
Position
  • PhD Student
Description
  • Research activities on Wireless Localization Techniques and Estimation Algorithms
March 2015 - July 2015
Politecnico di Bari
Position
  • Laboratory Assistant
Description
  • Network Security - Laboratory Assistant X.509 certificates, RADIUS, VPN, IPsec
Education
September 2011 - December 2013
Politecnico di Bari
Field of study
  • Telecommunications Engineering

Publications

Publications (72)
Article
Satellite-based Communication (SATCOM) systems are gaining renewed momentum in Industry and Academia, thanks to innovative services introduced by leading tech companies and the promising impact they can deliver towards the global connectivity objective tackled by early 6G initiatives. On the one hand, the emergence of new manufacturing processes an...
Article
Full-text available
Modern vehicular systems rely on the Global Positioning System (GPS) technology to provide accurate and timely services. However, the GPS has been proved to be characterized by an intrinsic insecure design, thus being subject to several security attacks. Current solutions can reliably detect GPS spoofing attacks leveraging the physical features of...
Conference Paper
Full-text available
Current commercial and research solutions for drones' detection do not make any assumption on the scenario deployment, as well as the unique mobility pattern associated with the drone's trajectory. Indeed, drones' trajectory is different from the one of people moving at the ground level, being independent of roads layout and obstacles on their path...
Preprint
Full-text available
Due to the frequent unauthorized access by commercial drones to Critical Infrastructures (CIs) such as airports and oil refineries, the US-based Federal Avionics Administration (FAA) recently published a new specification, namely RemoteID. The aforementioned rule mandates that all Unmanned Aerial Vehicles (UAVs) have to broadcast information about...
Article
Full-text available
The increasing popularity of autonomous and remotely-piloted drones has paved the way for several use-cases and application scenarios, including merchandise delivery, surveillance, and warfare, to cite a few. In many application scenarios, estimating with zero-touch the weight of the payload carried by a drone before it approaches could be of parti...
Article
Full-text available
Current collision avoidance techniques deployed on Unmanned Aerial Vehicles (UAVs) rely on short-range sensors, such as proximity sensors, cameras, and microphones. Unfortunately, their efficiency is significantly limited in several situations; for instance, when a remote UAV approaches at high velocity, or when the surrounding environment is impai...
Article
Full-text available
Traditional fog-enabled IoT ecosystems always assume fully-trusted and secure fog nodes, offering computational capabilities and storage space closer to constrained IoT devices. However, such security-related assumptions can easily fall when considering the exposure of fog nodes’ location, the heterogeneity of device providers, and the ease of misu...
Conference Paper
Full-text available
Internet of Things (IoT) platforms typically require IoT devices and users to provide fine-grained information to determine whether access to resources and services can be granted. However, this information can be sensitive for users and its disclosure can lead to severe privacy threats, forcing users to decide between receiving a service or protec...
Chapter
Multi-Factor Authentication (MFA) schemes currently used for verifying the authenticity of Internet banking transactions rely either on dedicated devices (namely, tokens) or on out-of-band channels—typically, the mobile cellular network. However, when both the dedicated devices and the additional channel are not available and the Primary Authentica...
Preprint
Full-text available
Satellite-based Communication (SATCOM) systems are gaining renewed momentum in Industry and Academia, thanks to innovative services introduced by leading tech companies and the promising impact they can deliver towards the global connectivity objective tackled by early 6G initiatives. On the one hand, the emergence of new manufacturing processes an...
Conference Paper
Full-text available
To enable enhanced accountability of Unmanned Aerial Vehicles (UAVs) operations, the US-based Federal Avionics Administration (FAA) recently published a new dedicated regulation, namely RemoteID, requiring UAV operators to broadcast messages reporting their identity and location. The enforcement of such a rule, mandatory by 2022, generated signific...
Conference Paper
Full-text available
Traditional studies on jamming effectiveness and propagation over the wireless channel assume ideal theoretical models, such as Friis and Rician. However, the cited models have been hardly validated by on-field assessments in real jamming scenarios. To the best of our knowledge, we are the first ones to fill the highlighted gap. In particular, our...
Article
Full-text available
Assisted navigation applications have a relevant impact on our daily life. However, technological progress in virtualization technologies and Software-Defined Radios recently enabled new attack vectors, namely, road traffic poisoning. These attacks open up several dreadful scenarios, which are addressed in this contribution by identifying the assoc...
Conference Paper
Full-text available
Energy depletion attacks represent a challenging threat towards the secure and reliable deployment of low-power Internet of Things (IoT) networks. Indeed, by simply transmitting canning standard-compliant packets to a target IoT device, an adversary can quickly exhaust target devices' available energy and reduce network lifetime, leading to extensi...
Article
Full-text available
Automatic Identification System (AIS) is the de-facto communication standard used by vessels to broadcast identification and position information. However, being AIS communications neither encrypted nor authenticated, they can be eavesdropped and spoofed by adversaries, leading to potentially threatening scenarios. In this paper, we propose Auth-AI...
Article
Full-text available
Range queries are widely used in several Internet of Things (IoT) applications as a general strategy to improve the efficiency of the system. However, the communication patterns generated by the IoT nodes could lead to the identification of the devices satisfying the query, as well as to the disclosure of the queried data. State-of-the-art solution...
Article
Full-text available
The lack of message encryption characterizing wireless avionic protocols, including Automatic Dependent Surveillance-Broadcast (ADS-B), recently favored the rise of a few communities that, gathering data collected by receivers at the ground or in space, offer advanced services, while at the same time releasing the cited data to the public. In this...
Preprint
Full-text available
Physical-layer security is regaining traction in the research community, due to the performance boost introduced by deep learning classification algorithms. This is particularly true for sender authentication in wireless communications via radio fingerprinting. However, previous research efforts mainly focused on terrestrial wireless devices while,...
Article
Full-text available
Universal Serial Bus (USB) Flash Drives are nowadays one of the most convenient and diffused means to transfer files, especially when no Internet connection is available. However, USB flash drives are also one of the most common attack vectors used to gain unauthorized access to host devices. For instance, it is possible to replace a USB drive so t...
Article
Full-text available
The recent advancements in hardware miniaturization capabilities have boosted the diffusion of systems based on Energy Harvesting (EH) technologies, as a means to power embedded wireless devices in a sustainable and low-cost fashion. Despite the undeniable management advantages, the intermittent availability of the energy source and the limited pow...
Conference Paper
Full-text available
Modern vessels increasingly rely on the Automatic Identification System (AIS) digital technology to wirelessly broadcast identification and position information to neighboring vessels and ports. AIS is a time-slotted protocol that also provides unicast messages-usually employed to manage self-separation and to exchange safety information. However,...
Preprint
Full-text available
In this paper, we study the privately-own IRIDIUM satellite constellation, to provide a location service that is independent of the GNSS. In particular, we apply our findings to propose a new GNSS spoofing detection solution, exploiting unencrypted IRIDIUM Ring Alert (IRA) messages that are broadcast by IRIDIUM satellites. We firstly reverse-engine...
Preprint
Full-text available
Vessels cybersecurity is recently gaining momentum, as a result of a few recent attacks to vessels at sea. These recent attacks have shacked the maritime domain, which was thought to be relatively immune to cyber threats. The cited belief is now over, as proved by recent mandates issued by the International Maritime Organization (IMO). According to...
Article
Full-text available
Vessels cybersecurity is gaining momentum as a result of a few recent attacks on vessels at sea. These recent attacks have shocked the maritime domain, which was thought to be relatively immune to cyber threats. That belief is now over, as proved by recent mandates issued by the International Maritime Organization. According to these regulations, a...
Preprint
Full-text available
The increasing popularity of autonomous and remotely-piloted drones have paved the way for several use-cases, e.g., merchandise delivery and surveillance. In many scenarios, estimating with zero-touch the weight of the payload carried by a drone before its physical approach could be attractive, e.g., to provide an early tampering detection. In this...
Preprint
Full-text available
The recent advancements in hardware miniaturization capabilities have boosted the diffusion of systems based on Energy Harvesting (EH) technologies, as a means to power embedded wireless devices in a sustainable and low-cost fashion. Despite the undeniable management advantages, the intermittent availability of the energy source and the limited pow...
Preprint
Full-text available
Universal Serial Bus (USB) Flash Drives are nowadays one of the most convenient and diffused means to transfer files, especially when no Internet connection is available. However, USB flash drives are also one of the most common attack vectors used to gain unauthorized access to host devices. For instance, it is possible to tamper with or replace a...
Preprint
Full-text available
Navigation software apps have a huge impact on the daily commuting of people, by affecting both their estimated time of arrival and the traversed path. Indeed, such apps infer the current state of the road by relying on several information such as the position of the devices and their speed. The technological advancements in two independent fields,...
Article
Full-text available
Short-range audio channels have appealing distinguishing characteristics: ease of use, low deployment costs, and easy to tune frequencies, to cite a few. Moreover, thanks to their seamless adaptability to the security context, many techniques and tools based on audio signals have been recently proposed. However, while the most promising solutions a...
Preprint
Full-text available
Short-range audio channels have a few distinguishing characteristics: ease of use, low deployment costs, and easy to tune frequencies, to cite a few. Moreover, thanks to their seamless adaptability to the security context, many techniques and tools based on audio signals have been recently proposed. However, while the most promising solutions are t...
Article
Full-text available
We propose Picking a Needle in a Haystack (PiNcH ), a methodology to detect the presence of a drone, its current status, and its movements by leveraging just the communication traffic exchanged between the drone and its Remote Controller (RC). PiNcH is built applying standard classification algorithms to the eavesdropped traffic, analyzing features...
Article
Full-text available
Certificateless Public Key Cryptography (CL-PKC) schemes are particularly robust against the leakage of secret information stored on a Trusted Third Party (TTP). These security features are particularly relevant for Internet of Things (IoT) domains, where the devices are typically pre-configured with secret keys, usually stored locally on the TTP f...
Article
Full-text available
Electronic Warfare (EW) scenarios contemplate powerful and stealthy jamming attacks, able to disrupt any competing wireless communication in the target area. Reactive jamming techniques are especially suitable to this aim. Indeed, by first eavesdropping on the whole radio spectrum used for communications, and then timely injecting random noise as...
Conference Paper
Full-text available
OpenSky Network leverages the freely accessible data generated by the aircraft through the Automatic Dependent Surveillance-Broadcast (ADS-B) technology to create a participatory global open-access network, where individuals, industries, and academia can freely contribute and obtain data. Indeed, avionic data are acquired through on-ground general...
Article
Full-text available
The Automatic Dependent Surveillance-Broadcast (ADS-B) technology, already deployed by the major avionics companies (e.g. QatarAirways and AmericanAirlines), will become mandatory on board of civil and military aircraft flying in Class A, B, and C airspaces by 2020, enabling direct airplanes communications and enhanced flights monitoring. However,...
Conference Paper
Full-text available
The increasing integration of information and communication technologies has undoubtedly boosted the efficiency of Critical Infrastructures (CI). However, the first wave of IoT devices, together with the management of enormous amount of data generated by modern CIs, has created serious architectural issues. While the emerging Fog and Multi-Access E...
Preprint
Full-text available
Wireless devices resorting to event-triggered communications have been proved to suffer critical privacy issues, due to the intrinsic leakage associated with radio frequency emissions. In this paper, we move the attack frontier forward by proposing BrokenStrokes: an inexpensive, easy to implement, efficient, and effective attack able to detect the...
Conference Paper
Full-text available
In this paper we propose DRAKE, a distributed relay-assisted key establishment protocol working at the physical layer of a wireless network. DRAKE leverages the superposition of the signals emitted by dedicated relays to provide a symmetric key to a remote constrained device, by requiring zero transmissions from this device. Requiring zero transm...
Conference Paper
Full-text available
We propose a methodology to detect the current status of a powered-on drone (flying or at rest), leveraging just the communication traffic exchanged between the drone and its Remote Controller (RC). Our solution, other than being the first of its kind, does not require either any special hardware or to transmit any signal; it is built applying stan...
Conference Paper
Full-text available
The Global Positioning System (GPS) has been proved to be exposed to several cybersecurity attacks, due to its intrinsic insecure design. GPS spoofing is one of the most easiest, cheap, and dreadful attacks that can be delivered: fake GPS signals can be sent to a target device and make it moving according to a pre-computed path. Although some propo...
Conference Paper
Full-text available
The Automatic Dependent Surveillance - Broadcast (ADS-B) technology promises to enhance the safety of civil avionics by diffusing flight data in a more efficient, timely, and easy to access fashion. Moreover, its adoption is mandatory by 2020. However, the quality of the communication is not completely satisfactory. Indeed, packets are lost for a n...
Article
Full-text available
Establishing confidentiality between communicating peers is still an issue in contexts where solutions based on asymmetric keys are not viable, such as in dynamic Internet of Things (IoT) systems made up of heterogeneous and resource constrained devices. From the current literature, channel anonymity emerges as a promising methodology able to supp...
Preprint
Full-text available
We propose PiNcH, a methodology to detect the presence of a drone and its current status leveraging just the communication traffic exchanged between the drone and its Remote Controller (RC). PiNcH is built applying standard classification algorithms to the eavesdropped traffic, analyzing features such as packets inter-arrival time and size. PiNcH d...
Chapter
Full-text available
Automatic Dependent Surveillance - Broadcast (ADS-B) is the next generation communication technology selected for allowing commercial and military aircraft to deliver flight information to both ground base stations and other airplanes. Today, it is already on-board of 80% of commercial aircraft, and it will become mandatory by the 2020 in the US an...
Article
Full-text available
We propose Strength of Crowd (SoC), a distributed Internet of Things (IoT) protocol that guarantees message broadcast from an initiator to all network nodes in the presence of either a reactive or a proactive jammer, that targets a variable portion of the radio spectrum. SoC exploits a simple, yet innovative and effective idea: nodes not (currently...
Preprint
Full-text available
Automatic Dependent Surveillance - Broadcast (ADS-B) is the next generation communication technology selected for allowing commercial and military aircraft to deliver flight information to both ground base stations and other airplanes. Today, it is already on-board of 80% of commercial aircraft, and it will become mandatory by the 2020 in the US an...
Article
Full-text available
While enabling brand new services and opportunities, the federation of vertical Internet of Things platforms presents new challenges in terms of secure and controlled access to heterogeneous resources, especially when authorization permissions must be regulated by multiple decentralized authorities. The work presented herein designs, develops, and...
Conference Paper
Full-text available
We introduce Shooting to the Stars, in short SttS, a secure location verification algorithm leveraging Meteor Burst Communications (MBC)-the ephemeral, ionized stripe generated by meteors. SttS leverages intrinsic peculiarities of MBC, such as robustness to both eavesdropping and jamming, while also enjoying ease of deployment and secure authentica...