Project Publications
LOCARD related articles have been published in high-rated journals and presented in top conferences. The following list depicts all articles published and presented from the beginning of the project.


Several ongoing research efforts aim to design potential Future Internet Architectures, among which Named-Data Networking (NDN) introduces a shift from the existing host-centric Internet Protocol-based Internet infrastructure towards a content-oriented one. However, researchers have identified some design limitations in NDN, among which some enable to build up a new type of Distributed Denial of Service attack, better known as Interest Flooding Attack (IFA). In IFA, an adversary issues not satisfiable requests in the network to saturate the Pending Interest Table (PIT) of NDN routers and prevent them from properly handling the legitimate traffic. Researchers have been trying to mitigate this problem by proposing several detection and reaction mechanisms, but all the mechanisms proposed so far are not highly effective and, on the contrary, heavily damage the legitimate traffic. In this paper, we propose a novel mechanism for IFA detection and mitigation, aimed at decreasing the memory consumption of the PIT by effectively reducing the malicious traffic that passes through each NDN router. In particular, our protocol exploits an effective management strategy on the PIT, through which the Malicious Interest (MIs) already stored in the PIT are removed and the new incoming MIs are dropped. In addition, the proposed countermeasure provides an additional security wall on the edges of the network to detect and mitigate the attack as early as possible and improve the network health, i.e., routers PIT occupancy during IFA. To evaluate the effectiveness of our work, we implemented the proposed countermeasure on the open-source ndnSIM simulator and compared its effectiveness with the state of the art. The results show that our proposed countermeasure effectively reduces the IFA damages both in terms of preserved legitimate traffic and availability of routers PIT. Considering the legitimate traffic, the amount of Benign Interests preserved by our approach increases from 5% to 40% with respect to the preservation guaranteed by the state-of-the-art solutions. Concerning the routers PIT availability, our approach guarantees that the 97% of the PIT size is left free for handling the legitimate traffic.

Authors: Abdelmadjid Benarfa; Muhammad Hassan; Eleonora Losiouk; Alberto Compagno; Mohamed Bachir Yagoubi; Mauro Conti.

Journal: International Journal of Information Security.

Date of Publication: 8 May, 2020.

Publisher:: Springer.


In this paper, an enhancement of a hybrid simulation technique based on combining collaborative filtering with deterministic 3D ray launching algorithm is proposed. Our approach implements a new methodology of data depuration from low definition simulations to reduce noisy simulation cells. This is achieved by processing the maximum number of permitted reflections, applying memory based collaborative filtering, using a nearest neighbors’ approach. The depuration of the low definition ray launching simulation results consists on discarding the estimated values of the cells reached by a number of rays lower than a set value. Discarded cell values are considered noise due to the high error that they provide comparing them to high definition ray launching simulation results. Thus, applying the collaborative filtering technique both to empty and noisy cells, the overall accuracy of the proposed methodology is improved. Specifically, the size of the data collected from the scenarios was reduced by more than 40% after identifying and extracting noisy/erroneous values. In addition, despite the reduced amount of training samples, the new methodology provides an accuracy gain above 8% when applied to the real-world scenario under test, compared with the original approach. Therefore, the proposed methodology provides more precise results from a low definition dataset, increasing accuracy while exhibiting lower complexity in terms of computation and data storage. The enhanced hybrid method enables the analysis of larger complex scenarios with high transceiver density, providing coverage/capacity estimations in the design of heterogeneous IoT network applications.

Authors: Fran Casino; Peio Lopez-Iturri; Erik Aguirre; Leyre Azpilicueta; Francisco Falcone; Agusti Solanas.

JournalIEEE Access.

Date of Publication: 4 May, 2020.

Publisher: Institute of Electrical and Electronics Engineers (IEEE).


Random number generation is critical to many applications. Gaming, gambling, and particularly cryptography all require random numbers that are uniform and unpredictable. For testing whether supposedly random sources feature particular characteristics commonly found in random sequences, batteries of statistical tests are used. These are fundamental tools in the evaluation of random number generators and form part of the pathway to certification of secure systems implementing them. Although there have been previous studies into this subject becker2013stealthy, RNG manufacturers and vendors continue to use statistical tests known to be of dubious reliability, in their RNG verification processes. Our research shows that FIPS-140-2 cannot identify adversarial biases effectively, even very primitive ones. Concretely, this work illustrates the inability of the FIPS 140 family of tests to detect bias in three obviously flawed PRNGs. Deprecated by official standards, these tests are nevertheless still widely used, for example in hardware-level self-test schemes incorporated into the design of many True RNGs (TRNGs). They are also popular with engineers and cryptographers for quickly assessing the randomness characteristics of security primitives and protocols, and even with manufacturers aiming to market the randomness features of their products to potential customers. In the following, we present three biased-by-design RNGs to show in explicit detail how simple, glaringly obvious biases are not detected by any of the FIPS 140-2 tests. One of these RNGs is backdoored, leaking key material, while others suffer from significantly reduced unpredictability in their output sequences. To make our point even more straightforward, we show how files containing images can also fool the FIPS 140 family of tests. We end with a discussion on the security issues affecting an interesting and active project to create a randomness beacon. Their authors only tested the quality of their randomness with the FIPS 140 family of tests, and we will show how this has led them to produce predictable output that, albeit passing FIPS fails other randomness tests quite catastrophically.

Authors: Darren Hurley-Smith; Constantinos Patsakis; Julio Hernandez-Castro.

JournalIEEE Transactions on Information Forensics and Security.

Date of Publication: 17 April 2020.

PublisherInstitute of Electrical and Electronics Engineers (IEEE).

Download this file (fips.pdf)fips.pdf[ ]985 kB


Remote attestation has emerged as a valuable security mechanism which aims to verify remotely whether or not a potentially untrusted device has been compromised. The protocols of Remote attestation are particularly important for securing Internet of Things (IoT) systems which, due to the large number of interconnected devices and limited security protections, are susceptible to a wide variety of cyber attacks. To guarantee the integrity of a software running on a single device, remote attestation is usually executed as an uninterrupted procedure: at the attestation time, a device stops the normal operation and executes the attestation of the entire device without interruption. The remote attestation protocols that aim to attest a large number of devices also follow the assumption on uninterrupted execution: when a device attests its network neighbours, each device verified in the neighborhood suspends its normal operation until the attestation protocol is completed. To avoid unnecessary suspension of the normal operation of the devices, this paper proposes a novel Secure Asynchronous Remote Attestation (SARA) protocol that releases the constraint of synchronous interaction among devices. In particular, SARA is an attestation protocol that exploits asynchronous communication capabilities among IoT devices in order to attest a distributed IoT service executed by them. SARA verifies both that each IoT device is not compromised (device trustworthiness), and that the exchanged communication data have not maliciously influence the communicating devices (legitimate operations). By tracing the execution order of each service invocation of an asynchronous distributed service, SARA allows each service to collect accurately historical data of its interactions, and transmits asynchronously such historical data to other interacting services. We have implemented and validated SARA through a realistic simulation on the Contiki emulator that demonstrates the functionality and effic...

Authors: Edlira Dushku; Md Masoom Rabbani; Mauro Conti; Luigi V. Mancini; Silvio Ranise.

Journal:  IEEE Transactions on Information Forensics and Security.

Date of Publication: 25 March, 2020.

Publisher: Institute of Electrical and Electronics Engineers (IEEE).

Download this file (SARA Secure Asynchronous Remote.pdf)SARA Secure Asynchronous Remote.pdf[ ]2181 kB


The evolving of Fifth Generation (5G) networks is becoming more readily available as a significant driver of the growth of new applications and business models. Vehicular Ad hoc Networks (VANETs) and Software Defined Networking (SDN) represent the critical enablers of 5G technology with the development of next-generation intelligent vehicular networks and applications. In recent years, researchers have focused on the integration of SDN and VANET, and looked at different topics related to the architecture, the benefits of software-defined VANET services, and the new functionalities to adapt them. However, the security and robustness of the complete architecture is still questionable and have been largely neglected by the research community. Moreover, the deployment and integration of different entities and several architectural components drive new security threats and vulnerabilities.

In this paper, first, we survey the state-of-the-art SDN based Vehicular ad-hoc Network (SDVN) architectures for their networking infrastructure design, functionalities, benefits, and challenges. Then we discuss these architectures against major security threats that violate the key security services such as availability, privacy, authentication, and data integrity. We also discuss different countermeasures for these threats. Finally, we present the lessons learned with the directions of future research work towards provisioning stringent security solutions in new SDVN architectures. To the best of our knowledge, this is the first work that presents a comprehensive survey and security analysis on SDVN architectures, and we believe that it will help researchers to address various challenges (e.g., flexible network management, control and high resource utilization, and scalability) in vehicular communication systems which are required to improve the future Intelligent Transportation Systems (ITS).

Authors: Wafa Ben JaballahMauro ContiChhagan Lal.

Journal: Computer Networks.

Date of Publication: 14 March, 2020.

Publisher: Elsevier.


Recent advances in telecommunications and database systems have allowed the scientific community to efficiently mine vast amounts of information worldwide and to extract new knowledge by discovering hidden patterns and correlations. Nevertheless, all this shared information can be used to invade the privacy of individuals through the use of fusion and mining techniques. Simply removing direct identifiers such as name, SSN, or phone number is not anymore sufficient to prevent against these practices. In numerous cases, other fields, like gender, date of birth and/or zipcode, can be used to re-identify individuals and to expose their sensitive details, e.g. their medical conditions, financial statuses and transactions, or even their private connections. The scope of this work is to provide an in-depth overview of the current state of the art in Privacy-Preserving Data Publishing (PPDP) for relational data. To counter information leakage, a number of data anonymisation methods have been proposed during the past few years, including $k$ -anonymity, $\ell $ -diversity, $t$ -closeness, to name a few. In this study we analyse these methods providing concrete examples not only to explain how each of them works, but also to facilitate the reader to understand the different usage scenarios in which each of them can be applied. Furthermore, we detail several attacks along with their possible countermeasures, and we discuss open questions and future research directions.

Authors: Athanasios Zigomitros; Fran Casino; Agusti Solanas; Constantinos Patsakis.

Journal: IEEE Access.

Date of Publication: 11 March 2020.

Publisher: Institute of Electrical and Electronics Engineers (IEEE).

Download this file (kannon.pdf)kannon.pdf[ ]2830 kB


Android is currently the most widespread operating system (OS) worldwide, but also the most prone to attacks. Despite the challenges faced by Industry and Academia to improve the Android OS security, it still has several vulnerabilities. Among those, the severity of the Next-Intent Vulnerability (NIV) can be immediately grasped. Android apps are made of components, which by default are private and cannot be targeted by other apps on the same phone. However, NIV allows any app to access the private components of a different app, eventually generating a crash or stealing sensitive data. NIV occurs when there is a chain of calls among different components based on the Intent messaging model and there is no control over the reliability of the first component triggering the call. NIV was first detected in 2013, but it is still an open issue. In this paper, we present Next-Intent Vulnerability Detector (NIVD), a novel approach to detect NIV in Android apps by relying on type systems. NIVD applies the inference rules of its type system to the app execution paths containing a sequence of calls to three NIV-related Android APIs. Compared to the state-of-the-art, NIVD is faster and more efficient, without losing precision in detecting NIV. Finally, through NIVD Google Photos was found to be vulnerable, and we disclosed the finding on the Google official bug report website (issue number 124342801).

Authors: Mohamed A. El-Zawawy; Eleonora Losiouk; Mauro Conti.

Journal: International Journal of Information Security.

Date of Publication: 6 March, 2020.

Publisher:: Springer.


Energy trading in Industrial Internet of Things (IIoT), a fundamental approach to realize Industry 4.0, plays a vital role in satisfying energy demands and optimizing system efficiency. Existing research works adopts a utility company to distribute energy to energy nodes with the help of energy brokers. Afterwards, they apply blockchain to provide transparency, immutability, and auditability of peer-to-peer (P2P) energy trading. However, their schemes are constructed on a weak security model and do not consider the cheating attack initiated by energy sellers. Such an attack refers to an energy seller refusing to transfer the negotiated energy to an energy purchaser who already paid money. In this paper, we propose FeneChain, a blockchain-based energy trading scheme to supervise and manage the energy trading process towards building a secure energy trading system and improving the energy quality for Industry 4.0. Specifically, we leverage anonymous authentication to protect user privacy, and we design a timed commitments based mechanism to guarantee the verifiable fairness during energy trading. Moreover, we utilize fine-grained access control for energy trading services. We also build a consortium blockchain among energy brokers to verify and record energy trading transactions. Finally, we formally analyze the security and privacy of FeneChain and evaluate its performance (i.e., computational costs and communication overhead) by implementing a prototype via a local Ethereum test network and Raspberry Pi.

Authors: Meng Li; Donghui Hu; Chhagan Lal; Mauro Conti; Zijian Zhang.

Journal: IEEE Transactions on Industrial Informatics.

Date of Publication: 17 February, 2020.

Publisher: Institute of Electrical and Electronics Engineers (IEEE).


Tracing products and processes across complex supply chain networks has become an integral part of current supply chain management practices. However, the effectiveness and efficiency of existing supply chain traceability mechanisms are hindered by several barriers including lack of data interoperability and information sharing, opportunistic behaviour, lack of transparency and visibility and cyber-physical threats, to name a few. In this paper, we propose a forensics-by-design supply chain traceability framework with audit trails for integrity and provenance guarantees based on malleable blockchain tokens. This framework also provides the establishment of different granularity levels for tracing products across the entire supply chain based on their unique characteristics, supply chain processes and stakeholders engagement. To showcase the applicability of our proposal, we develop a functional set of smart contracts and a local private blockchain. The benefits of our framework are further discussed, along with fruitful areas for future research.

Authors: Thomas K. Dasaklis; Fran Casino; Costas PatsakisChristos Douligeris.

Conference17th Int. Conference on Business Process Management (BPM 2019), at Vienna.

Date of Publication: January 2020.

PublisherSpringer, Cham.

Download this file (blockchaintokens.pdf)blockchaintokens.pdf[ ]699 kB

Page 4 of 6

Slide 1
Join the community
Follow us and stay connected and updated.
EU flag Copyright © 2019 - 2022 LOCARD. All rights reserved. This project has received funding from the European Union’s Horizon 2020 Research and Innovation Programme under Grant Agreement nº 832735. This project reflects only the author’s view and the Commission is not responsible for any use that may be made of the information it contains.