PhD Student, University of Salerno

orcid (0000-0003-3044-5345)

"Dashwood: Sense and Sensibility"

October 21, 2024

[C11] A Stochastic Geometry approach to performance modeling of SWIPT vehicular networks

22nd International Symposium on Modeling and Optimization in Mobile, Ad hoc, and Wireless Networks (WiOpt) @ Workshop on Spatial Stochastic Models for Wireless Networks (SpaSWiN)

With the increasing number of devices and the advent of 5G and 6G networks, ensuring reliable power and data connectivity remains a significant challenge, particularly in rural or remote areas. Simultaneous Wireless Information and Power Transfer (SWIPT) networks have emerged as a promising solution to power devices without batteries. However, their deployment in real-world scenarios is hindered by complex channel conditions and spatial dynamics. This research introduces a two-tier analytical model grounded in stochastic geometry, where base stations (BSs) are arranged along roads following a Poisson Line Cox Process (PLCP), while user equipment (UEs) is distributed using a Poisson Point Process (PPP). A comparative evaluation against planar PPP-based models demonstrates the performance advantages of this novel approach. Additionally, a Genetic Algorithm (GA) is applied to explore real-world scenario parameters, enhancing the model’s adaptability and performance in practical applications.

September 10, 2024

[J5] Blockchain and Federated Learning Empowered Digital Twin for Effective Healthcare

Human-centric Computing and Information Sciences

Proper exploitation of artificial intelligence (AI) models is required to achieve precise and efficient healthcare. However, this is an obstacle to the possibility of exchanging medical data, as they are considered instances of personal information and subject to data protection legislation and legal requirements. Moreover, because fully automatic decision-making leveraging AI is undesirable, and in contrast to current legislations, human-in-the-loop should be enforced. Digital twins represent a valuable solution to these issues as they allow continuous retraining with newly collected data and seamlessly integrate human intervention within AI-based solutions. However, to address the impossibility of a central node capable of collecting and processing medical data for training an AI model, a network of interacting and collaborating digital twins should be properly defined without leveraging the exchange of medical data to avoid legal issues. Federated learning (FL) alleviates this issue by exchanging model parameters; however, security is compromised by poisoning attacks. This paper presents the architecture of networked digital twins using FL for disease diagnosis across multiple healthcare providers. Moreover, we deal with data-poisoning protection by leveraging the blockchain. The proposed solutions were experimentally assessed to prove their suitability and effectiveness in addressing the introduced research challenges. We prove that under data-poisoning attacks, the achievable accuracy is close to that for the case with no attacks, with a distance of 10%, and is not affected by sudden drops, as in the case of attacks without any protection. We assessed various FL models and achieved an accuracy of approximately 0.8 within an emulated scenario affected by heterogeneities and the impossibility of sharing data samples.

August 31, 2024

[J4] Soulbound Tokens: Enabler for Privacy-Aware and Decentralized Authentication Mechanism in Medical Data Storage

Blockchain in Healthcare Today

The digitalization of the healthcare sector faces significant challenges due to the diverse representation of data and their distribution across various hospitals. Moreover, security is a key concern as healthcare-related data are subject to the legal obligations of GDPR and similar data protection legislations. Standardization efforts like HL7 have been implemented to enhance data interoperability. However, authentication still remains a critical issue and poses significant challenges. This research aims to improve and strengthen the authentication process by introducing a novel architecture for decentralized authentication. Additionally, it proposes a new approach to decentralized data management, which is crucial for handling sensitive medical data efficiently. The proposed architecture adopts a user-centric approach, utilizing Self-Sovereign Identity (SSI). It introduces a new non-fungible token (NFT) type called Soulbound token (SBT) in the medical context, which will facilitate user authentication across different hospitals, effectively creating a federation of interconnected institutions. The implementation of the proposed architecture demonstrated a significant reduction in authentication time across multiple hospitals. The use of SBT ensured secure and seamless user authentication, enhancing overall system interoperability and data security. The decentralized approach also mitigated the risks associated with centralized authentication servers. The study successfully presents a novel decentralized authentication architecture for the healthcare domain, leveraging SSI and SBTs. This approach not only accelerates the authentication process but also enhances data security and interoperability among hospitals. Future research should explore the scalability of this architecture and its application in other sectors requiring stringent data security measures.

August 6, 2024

[J3] Smart Contract Vulnerability Detection: The Role of Large Language Model (LLM)

ACM SIGAPP Applied Computing Review

Smart contracts are susceptible to various vulnerabilities that can lead to significant financial losses. The usage of vulnerability detection tools is reducing the threats but presents some limitations related to the approach used by the tool itself. This paper presents a novel approach to smart contract vulnerability detection utilizing Large Language Models (LLMs) as a tool to detect all the vulnerabilities at once. Our proposed tool leverages the advanced natural language processing capabilities of LLMs to analyze smart contract code and identify potential security flaws. By training the LLM on a diverse dataset of known smart contract vulnerabilities and secure coding practices, we enhance its ability to recognize subtle and complex vulnerabilities that traditional static analysis tools might miss. The evaluation of our tool demonstrates its effectiveness in detecting a wide range of vulnerabilities with satisfaction and accuracy, providing developers with a robust mechanism to improve the security of their smart contracts before deployment. This approach signifies a significant advancement in the application of artificial intelligence for blockchain security, highlighting the potential of LLMs to enhance the reliability and safety of decentralized applications.

May 22-25, 2024

[C10] Decentralized Identity Management and Privacy-Enhanced Federated Learning for Automotive Systems: A Novel Framework

2024 IEEE 27th International Symposium on Real-Time Distributed Computing (ISORC)

Federated Learning (FL) has revolutionized collaborative machine learning by decentralizing data processing, enhancing the efficiency of traditional Machine Learning (ML) approaches, and mitigating privacy concerns associated with data exchange. Despite these advantages, security challenges persist, particularly in securely transmitting model updates within vehicular networks and authenticating nodes participating in the protocol. This paper presents an innovative framework that addresses authentication and mobility challenges in automotive systems through the integration of Decentralized Identity Management (IdM) and FL. Highlighting the need for robust authentication in automotive systems, the research concurrently explores avenues to optimize FL performance within this specific context. Through the incorporation of a decentralized authentication mechanism and the establishment of synchronization means, our proposed framework ensures security and synchronization in the transmission of model weights. This comprehensive solution paves the way for notable advancements in collaborative ML in highly dense and distributed contexts, such as the vehicular networks.

April 9, 2024

[C9] Improve Wallet Interoperability and Federation in Blockchain-Based User-Centric Authentication for Healthcare

2nd International Workshop on Trends in Digital Identity (TDI 2024)

The continuous enhancement and extensive digitalization of medical services have raised various challenges regarding security and privacy. Among these, authentication is one of the most critical, considering identity spoofing and weak passwords. Recently, novel authentication methods such as user-centric authentication are trying to solve the problem by moving identity data and relative claim verification away from a centralized identity manager. When turning this paradigm into the medical domain, it is necessary to consider that not all users are equal, but certain classes are characterized by precise privileges with respect to authentication, such as doctors that must be prioritized over patients. Moreover, it is unfeasible to impose a single technology and infrastructure within an ecosystem characterized by current medical applications; therefore, multiple different solutions need to coexist. In this paper, we discuss a novel framework able to cope with the interoperability, backup and restore of Blockchain-based Self-Sovereign Identity (SSI) wallets. We particularly evaluated the system in a medical context by outlining the different roles of holders with related wallet typologies. Our approach demonstrates its feasibility through the use of a shared registry and smart contract that can smoothly work with two kinds of wallet implementation in a federation of issuers and verifiers.

April 8-12, 2024

[C8] VulnHunt-GPT: a Smart Contract vulnerabilities detector based on OpenAI ChatGPT

The 39th ACM/SIGAPP Symposium on Applied Computing (SAC 2024)

Smart contracts are self-executing programs that can run on a blockchain. Because they are immutable after their deployment on the blockchain, it is crucial to ensure their correctness. For this reason, various approaches for static analysis of smart contracts have been proposed, but they may be on the one hand imprecise or on the other hand difficult to train. In this paper, we propose a novel approach for detecting smart contract vulnerabilities using OpenAI's Generative Pre-trained Transformer 3 (GPT-3) language model. Our approach, called VulnHunt-GPT, uses GPT-3 to examine Ethereum smart contracts in order to identify the most popular vulnerabilities according to OWASP. We train VulnHunt-GPT on a dataset of smart contract functions and vulnerabilities to improve its accuracy. Our experiments show that VulnHunt-GPT outperforms almost all the existing state-of-the-art approaches in detecting a variety of vulnerabilities, including reentrancy attacks, integer overflow, and uninitialized storage. In addition, we conduct a case study to demonstrate the effectiveness of VulnHunt-GPT in detecting real-world smart contract vulnerabilities. We show that VulnHunt-GPT can identify previously unknown vulnerabilities in popular smart contracts, highlighting its potential for improving smart contract security. Our approach provides a promising direction for using natural language processing techniques to improve smart contract security and reduce the risk of smart contract exploits.

April 8-12, 2024

[C7] Ethereum Attestation Service as a solution for the revocation of hardware-based password-less mechanisms

The 39th ACM/SIGAPP Symposium on Applied Computing (SAC 2024)

Hardware-based solutions are becoming more and more popular as a result of the increased need for practical and safe authentication methods. However, one of the key challenges in these systems is the lack of a robust mechanism to revoke compromised credentials effectively. The Ethereum Attestation Service (EAS), which uses the blockchain-based Ethereum platform to create a decentralized, tamper-resistant infrastructure for credential attestation and revocation, is presented in this article as a novel solution to this critical issue. By combining the transparency and immutability of blockchain technology with smart contracts and cryptographic techniques, the EAS enables secure and auditable management of certificates. The conducted study investigates the limitations of existing revocation methods of password-less mechanisms and proposes the EAS as a viable alternative. In the design phase, the paper demonstrates the system's efficiency in handling attestation requests, verifying attestations, and securely managing revocations. EAS excels in providing reliable revocation, thereby reducing the risks associated with compromised hardware-based passwordless systems. Moreover, this research explores the benefits of EAS-based revocation within the IoT context, where Physically Unclonable Functions (PUFs) face similar challenges as HSMs. Experimental results, obtained in a testnet environment, reveal reduced authentication times, making this solution suitable for real-time scenarios as well.

March 20-22, 2024

[C6] Enhancing Security in User-Centered Authentication using KERI

The 32nd Euromicro International Conference on Parallel, Distributed, and Network-Based Processing (PDP 2024)

In the context of the widespread adoption of user-centric authentication methods, safeguarding the confidentiality of private keys during the exchange of credentials has become a critical concern. Key Event Receipt Infrastructure (KERI), distinguished by its distinctive design focusing on key events and receipts, aligns seamlessly with the ethos of user-centric authentication, eschewing the necessity for blockchain integration. This research leverages the architectural model of KERI to discern potential implications within the contemporary landscape of Self-Sovereign Identity (SSI) ecosystems, thereby contributing to the evolution of identity management practices. The need for this research arises from the recognition that while SSI obviates the need for central authorities, thereby augmenting privacy and security, the imperative to preserve and securely store private keys persists. Our primary findings confirm that the integration of KERI within the SSI ecosystem provides a more resilient protocol for authentication by preventing the exchange of any kind of key used for the generation of the proof. This approach aims to prevent attacks in line with the principles of decentralization and trustlessness inherent in blockchain technologies. This research contributes to the expanding body of literature devoted to security and access management within the dynamic realm of user-centric applications and authentication.

March 8, 2024

[J2] Securing the Internet of Medical Things with ECG-based PUF encryption

IET Cyber-Physical Systems: Theory & Applications

The Internet of Things (IoT) is revolutionizing the healthcare industry by enhancing personalized patient care. However, the transmission of sensitive health data in IoT systems presents significant security and privacy challenges, further exacerbated by the difficulty of exploiting traditional protection means due to poor battery equipment and limited storage and computational capabilities of IoT devices. The authors analyze techniques applied in the medical context to encrypt sensitive data and deal with the unique challenges of resource-constrained devices. A technique that is facing increasing interest is the Physical Unclonable Function (PUF), where biometrics are implemented on integrated circuits' electric features. PUFs, however, demand special hardware, so in this work, instead of considering the physical device as a source of randomness, an ElectroCardioGram (ECG) can be taken into consideration to make a ‘virtual’ PUF. Such a mechanism leverages individual ECG signals to generate a cryptographic key for encrypting and decrypting data. Due to the poor stability of the ECG signal and the typical noise existing in the measurement process for such a signal, filtering and feature extraction techniques must be adopted. The proposed model considers the adoption of pre-processing techniques in conjunction with a fuzzy extractor to add stability to the signal. Experiments were performed on a dataset containing ECG records gathered over 6 months, yielding good results in the short term and valuable outcomes in the long term, paving the way for adaptive PUF techniques in this context.

February 19-22, 2024

[C5] Decentralized Authentication for Web of Things: a Self-Sovereign Identity (SSI)-based solution

2024 International Conference on Computing, Networking and Communications (ICNC): Edge Computing, Cloud Computing and Big Data

As the Internet of Things (IoT) continues to expand its reach, encompassing a vast array of devices and applications, including mission-critical ones, the need for secure and privacy-aware solutions increases. Traditional centralized authentication mechanisms may not be suitable for the highly distributed and heterogeneous nature of IoT environments, and they also have a very high demand in terms of energy and memory, which does not match the availability of resource-constrained devices. In this study, we suggest a novel solution to these difficulties based on Self-Sovereign Identity (SSI) principles, while taking into account the innovative Web of Things (WoT) architecture. It discusses how these elements from SSI can be applied in a WoT environment to establish trust between devices, users, and applications. Additionally, the paper explores the potential challenges and opportunities of integrating SSI into the WoT ecosystem, such as scalability, interoperability, and authentication. Through a comprehensive analysis of the SSI paradigm and its applicability in the WoT context, this paper sheds light on the transformative potential of device-centric identity management. It underscores the importance of privacy, security, and individual control in an increasingly interconnected world, advocating for SSI as a solution that aligns with the values of the digital age. By embracing SSI, stakeholders in the WoT ecosystem can ensure a more secure and trustworthy environment for all parties.

December 7, 2023

[U1] Green Operations of SWIPT Networks: The Role of End-User Devices

Submitted to IEEE Transactions on Green Communications and Networking

Internet of Things (IoT) devices often come with batteries of limited capacity that are not easily replaceable or rechargeable, and that constrain significantly the sensing, computing, and communication tasks that they can perform. The Simultaneous Wireless Information and Power Transfer (SWIPT) paradigm addresses this issue by delivering power wirelessly to energy-harvesting IoT devices with the same signal used for information transfer. For their peculiarity, these networks require specific energy-efficient planning and management approaches. However, to date, it is not clear what are the most effective strategies for managing a SWIPT network for energy efficiency. In this paper, we address this issue by developing an analytical model based on stochastic geometry, accounting for the statistics of user-perceived performance and base station scheduling. We formulate an optimization problem for deriving the energy optimal configuration as a function of the main system parameters, and we propose a genetic algorithm approach to solve it. Our results enable a first-order evaluation of the most effective strategies for energy-efficient provisioning of power and communications in a SWIPT network. We show that the service capacity brought about by users brings energy-efficient dynamic network provisioning strategies that radically differ from those of networks with no wireless power transfer.

December 4, 2023

[J1] Strengthening Automotive Cybersecurity: A Comparative Analysis of ISO/SAE 21434-Compliant Automatic Collision Notification (ACN) Systems

Vehicles 2023

The increasing usage of autonomous and automatic systems within the automotive industry is steering us towards a more interconnected world. This enhanced interconnectivity fosters a more streamlined driving experience, reduces costs, and provides timely driver assistance. The electric/electronic (EE) architectures of modern vehicles are inherently complex due to the multitude of components they encompass. Contemporary architectures reveal that these components converge at an electronic control unit (ECU) called the central gateway, which could potentially represent a single point of failure. While this central unit is typically adequately safeguarded, the same cannot be said for the connected components, which often remain vulnerable to cyber threats. The ISO/SAE 21434 standard paved the way for automotive cybersecurity and could be used in parallel with other standards such as ISO 26262 and ISO PAS 21488. Automatic collision notification (ACN) is one of the most typical systems in a vehicle, and limited effort has been dedicated to identifying the most suitable architecture for this feature. This paper addresses the existing security and privacy gap of this feature by conducting a comparative analysis of security threats in two distinct ACN architectures. Notably, despite ACN architectures exhibiting inherent similarities, the primary distinction between the two architectures lies in their strategies for crash estimation and detection, followed by subsequent communication with emergency response teams. A rigorous security assessment was conducted using the ISO/SAE 21434 standard, employing the TARA and STRIDE methodologies through the Ansys medini analyze software. This analysis identified an average of 310 threats per architecture, including a significant number of high-level threats (11.8% and 15%, respectively), highlighting the importance of a comprehensive evaluation.

December 4-6, 2023

[C4] Decentralized Authentication in Microservice Architectures with SSI and DID in Blockchain

The 14th IEEE International Conference on Cloud Computing Technology and Science - CloudCom 2023

Microservice architectures aim at high modularity, reuse, and efficiency of code by structuring applications as a collection of services that are independently deployable, loosely coupled, and organized around business capabilities. As they are starting to be used in sensitive applications, security has started to be a priority, where authentication is one of the first protection means to be offered to developers by those products supporting microservice development. However, the available authentication solutions in these products are highly centralized, leveraging JSON Web Token (JWT) or related standards. This poses a serious issue in meeting the recent privacy legal obligations. In this paper, we propose a solution for integrating a decentralized blockchain-based authentication solution within the context of Istio, which is a service mesh supporting microservice developments. The usage of a Smart Contract, in combination with Decentralized Identifiers (DIDs) and JWT, paves the way for a concrete and fully decentralized revocation system without adding overhead or modification to existing microservices.

August 7, 2023

[C3] Using Knowledge Graphs to ensure Privacy Policies in decentralized data collection systems

2023 International Conference on Research in Adaptive and Convergent Systems - RACS 2023

As data collection systems become more complex and pervasive, ensuring transparency and accountability in the acquisition and use of personal data becomes increasingly critical. This work investigates the use of knowledge graphs as a solution to this problem, emphasizing their capacity to represent and enforce privacy laws in a decentralized setting. Knowledge graphs provide full privacy management and can be applied also to decentralized systems by providing a consistent representation of data and privacy policies. We specifically discuss how knowledge graphs can be used to track consent management and data retention policies; we also present a case study of our framework in action, demonstrating how it can be used to ensure transparency in an increasingly popular decentralized data collection system. The implementation of such a framework in a decentralized context shows that the use of knowledge graphs can provide a transparent and accountable view of the data collection process, improving trust and confidence in the system among both data subjects and regulators.

July 10, 2023

[C2] Self-Sovereign Identity (SSI) Attribute-Based Web Authentication

20th International Conference on Security and Cryptography - SECRYPT 2023

Web authentication is primarily based on password usage, representing the weakest link in the entire security chain. The number of services offered over the web is continuously increasing, and with them also the number of required passwords that users need to create and securely store. Despite various standards for password-less or multi-factor authentication, another issue is that most web authentication means use an identity provider (or a federation of providers) advocated to create, manage and check digital identity claims; able to profile user habits related to web navigation and violate rights in terms of privacy. Recently, we are witnessing a radical change of perspective, where identity checks and enforcement are moved away from the providers and more focused on users. Within such user-centric approaches, Self-Sovereign Identity (SSI) has faced progressive popularity, and some authentication mechanisms based on SSI have been proposed. This paper aims to describe a solution based on Hyperledger Aries which is capable of achieving zero-knowledge proof to make an attribute-based authentication and authorization for the web able to cope with the recent legal obligations in terms of privacy.

July 3, 2023

[C1] A Decentralized Smart City Using Solid and Self-Sovereign Identity

Computational Science and Its Applications – ICCSA 2023 Workshops

In the Internet of Things (IoT) context, a considerable quantity of data flows from sensors to centralized servers, holding sensitive information related to users. Unfortunately, how servers store these data instances is usually poorly documented and does not offer any transparency to the users but may pave the way to possible privacy violations. Web decentralization is a prominent solution to cope with these issues and legal obligations regarding data protection so that multiple domains are progressively adopting it as the principal technological enabler. The IoT is not among them yet, as a centralized approach is still the most common one; however, moving data location away from servers to prefer gateways or directly to devices closer to users and under their direct control can realize a more decentralized approach and alleviate the issues related to performance, throughput as well as data protection. This paper aims to exploit existing data decentralization solutions, like Social Linked Data (Solid), to define a more distributed data management for IoT and propose a proof-of-concept implementation of a Smart City platform where users can store and directly manage data produced by public or private IoT devices. Despite providing decentralized data handling, Solid is still affected by a centralized identity management and authentication implementation represented by OpenID Connect. Therefore, to fulfill our vision of a decentralized IoT, we also investigate how decentralizing authentication within Solid and a new user-centric approach based on Self-Sovereign Identity (SSI) represents a promising solution.