Simone Raponi

Centre for Maritime Research and Experimentation (CMRE) | CMRE

The explosions on September 26th, 2022, which damaged the gas pipelines of Nord Stream 1 and Nord Stream 2, have highlighted the need and urgency of improving the resilience of Underwater Critical Infrastructures (UCIs). Comprising gas pipelines and power and communication cables, these connect countries worldwide and are critical for the global ec...

Physical-layer security is regaining traction in the research community, due to the performance boost introduced by deep learning classification algorithms. This is particularly true for sender authentication in wireless communications via radio fingerprinting. However, previous research mainly focused on terrestrial wireless devices while, to the...

Classifying a weapon based on its muzzle blast is a challenging task that has significant applications in various security and military fields. Most of the existing works rely on ad-hoc deployment of spatially diverse microphone sensors to capture multiple replicas of the same gunshot, which enables accurate detection and identification of the acou...

Fake news propagation is a complex phenomenon influenced by a multitude of factors whose identification and impact assessment is challenging. Although many models have been proposed in the literature, the one capturing all the properties of a real fake-news propagation phenomenon is inevitably still missing. Modern propagation models, mainly inspir...

Multi-Factor Authentication (MFA) schemes currently used for verifying the authenticity of Internet banking transactions rely either on dedicated devices (namely, tokens) or on out-of-band channels—typically, the mobile cellular network. However, when both the dedicated devices and the additional channel are not available and the Primary Authentica...

Assisted navigation applications have a relevant impact on our daily life. However, technological progress in virtualization technologies and Software-Defined Radios recently enabled new attack vectors, namely, road traffic poisoning. These attacks open up several dreadful scenarios, which are addressed in this contribution by identifying the assoc...

The massive deployment of IoT devices being utilized by home automation, industrial and military scenarios demands for high security and privacy standards to be achieved through innovative solutions. This paper proposes KaFHCa, a crypto-less protocol that generates shared secret keys by combining random frequency hopping collisions and source indis...

Noise modeling in power line communications has recently drawn the attention of researchers. However, when characterizing the noise process in narrowband communications, previous works have only focused on small-scale phenomena involving fine-grained details. Nevertheless, the communication link's reliability is also affected by long-term noise phe...

The fast-paced technological advancements of the last decades have led to digitizing an ever-increasing amount of information, processes, and activities. A wide range of new digital devices have made our lives easier, faster, and funnier, quickly becoming indispensable for both work and daily life. As a result, the digital realm has dramatically ex...

Cryptojacking occurs when an adversary illicitly runs crypto-mining software over the devices of unaware users. This novel cybersecurity attack, that is emerging in both the literature and in the wild, has proved to be very effective given the simplicity of running a crypto-client into a target device. Several countermeasures have recently been pro...

Technology has, to different degrees, always been part of the financial world, starting from the 1950s with the introduction of credit cards and ATMs, passing through electronic trading floors and personal finance apps, until present days where technologies such as Artificial Intelligence (AI), High-Frequency Trading (HFT), and cryptocurrencies are...

The rise of new technologies, including Online Social Network (OSN)s, media sharing services, online discussion boards, and online instant messaging applications, make information production and propagation increasingly fast.

If the economy is the backbone of a country, business entities define and affect its movements. Those entities produce business that, with the provision of goods, services, and jobs, is confirmed as one of the key pillars of the nation. Business, among the other things, defines the direction in which the nation is moving toward the world economy. T...

A cryptocurrency is a digital asset designed to serve as a medium of exchange that should be an alternative to the classic fiat currency. The idea of bringing money from the physical to the digital realm has been investigated since the 1980s, with many attempts to create digital cash systems. Over the years, several researchers have tried to implem...

Since the dawn of Humanity, the progress machine tirelessly introduced tools and resources that facilitated our everyday tasks. Over the years, new technologies have continually changed society with novel discoveries and inventions that proved capable of greatly improving human life. Historically, many of the processes that radically changed human...

Critical Infrastructure represents an umbrella term used by governments to group all those resources that are essential for the economic, financial, and social system of a country. The Presidential Policy Directive 21 (PPD-21): Critical Infrastructure Security and Resilience, issued by the President of the United States in 2013, advances a national...

This book revises the strategic objectives of Information Warfare, interpreting them according to the modern canons of information age, focusing on the fabric of society, the economy, and critical Infrastructures. The authors build plausible detailed real-world scenarios for each entity, showing the related possible threats from the Information War...

Single-factor password-based authentication is generally the norm to access on-line Websites. While single-factor authentication is well known to be a weak form of authentication, a further concern arises when considering the possibility for an attacker to recover the user passwords by leveraging the loopholes in the password recovery mechanisms. I...

The massive deployment of IoT devices being utilized by home automation, industrial and military scenarios demands for high security and privacy standards to be achieved through innovative solutions. This paper proposes KaFHCa, a crypto-less protocol that generates shared secret keys by combining random frequency hopping collisions and source indis...

Physical-layer security is regaining traction in the research community, due to the performance boost introduced by deep learning classification algorithms. This is particularly true for sender authentication in wireless communications via radio fingerprinting. However, previous research efforts mainly focused on terrestrial wireless devices while,...

Noise modeling in power line communications has recently drawn the attention of researchers. However, when characterizing the noise process in narrowband communications, previous works have only focused on small-scale phenomena involving fine-grained details. Nevertheless, the reliability of the communication link is also affected by long-term nois...

The technological advances made in the last twenty years radically changed our society, improving our lifestyle in almost every aspect of our daily life. This change directly affects human habits, transforming the way people share information and knowledge. The exponential technological advancement, together with the related information deluge, are...

Vessels cybersecurity is recently gaining momentum, as a result of a few recent attacks to vessels at sea. These recent attacks have shacked the maritime domain, which was thought to be relatively immune to cyber threats. The cited belief is now over, as proved by recent mandates issued by the International Maritime Organization (IMO). According to...

Vessels cybersecurity is gaining momentum as a result of a few recent attacks on vessels at sea. These recent attacks have shocked the maritime domain, which was thought to be relatively immune to cyber threats. That belief is now over, as proved by recent mandates issued by the International Maritime Organization. According to these regulations, a...

Classifying a weapon based on its muzzle blast is a challenging task that has significant applications in various security and military fields. Most of the existing works rely on ad-hoc deployment of spatially diverse microphone sensors to capture multiple replicas of the same gunshot, which enables accurate detection and identification of the acou...

Single-factor password-based authentication is generally the norm to access on-line Websites. While single-factor authentication is well known to be a weak form of authentication, a further concern arises when considering the possibility for an attacker to recover the user passwords by leveraging the loopholes in the password recovery mechanisms. I...

Navigation software apps have a huge impact on the daily commuting of people, by affecting both their estimated time of arrival and the traversed path. Indeed, such apps infer the current state of the road by relying on several information such as the position of the devices and their speed. The technological advancements in two independent fields,...

A new cybersecurity attack,where an adversary illicitly runs crypto-mining software over the devices of unaware users, is emerging in both the literature and in the wild . This attack, known as cryptojacking, has proved to be very effective given the simplicity of running a crypto-client into a target device. Several countermeasures have recently b...

In this paper we are concerned with geolocating the anonymous crowds of Dark Web forums. We do not focus on single users, but on the crowd as a whole. We work in two directions: The first idea is to exploit the time of all posts in the Dark Web forums to build profiles of the visiting crowds and to match the crowd profiles to that of users from kno...

Slides of the paper Intrusion Detection at the Network Edge: Solutions, Limitations, and Future Directions, presented in the 2019 International Conference on Edge Computing June 25 - June 30, 2019, San Diego, USA

The low-latency, high bandwidth capabilities promised by 5G, together with the diffusion of applications that require high computing power and, again, low latency (such as videogames), are probably the main reasons-though not the only one-that have led to the introduction of a new network architecture: Fog Computing, that consists in moving the com...

Wireless devices resorting to event-triggered communications have been proved to suffer critical privacy issues, due to the intrinsic leakage associated with radio frequency emissions. In this paper, we move the attack frontier forward by proposing BrokenStrokes: an inexpensive, easy to implement, efficient, and effective attack able to detect the...

The Software Defined Networking (SDN) paradigm decouples the logic module from the forwarding module on traditional network devices, bringing a wave of innovation to computer networks. Firewalls, as well as other security appliances, can largely benefit form this novel paradigm. Firewalls can be easily implemented by using the default OpenFlow rule...

The widespread usage of password authentication in online websites leads to an ever-increasing concern, especially when considering the possibility for an attacker to recover the user password by leveraging the loopholes in the password recovery mechanisms. Indeed, if a website adopts a poor password management system, this choice makes useless eve...

Slides of the paper "A Spark is Enough in a Straw World: A Study of Websites Password Management in the Wild"

Dark Web platforms like the infamous Silk Road market, or other cyber-criminal or terrorism related forums, are only accessible by using anonymity mechanisms like Tor. In this paper we are concerned with geolocating the crowds accessing Dark Web forums. We do not focus on single users. We aim at uncovering the geographical distribution of groups of...

Slides of the published paper "Docker ecosystem -- Vulnerability Analysis"

Cloud based infrastructures have typically leveraged virtualization. However, the need for always shorter development cycles, continuous delivery and cost savings in infrastructures, led to the rise of containers. Indeed, containers provide faster deployment than virtual machines and near-native performance. In this paper, we study the security imp...