Project Publications
LOCARD related articles have been published in high-rated journals and presented in top conferences. The following list depicts all articles published and presented from the beginning of the project.


The rapid evolution towards the Industry 4.0 improves the performances of Industrial Control Systems (ICSs). However, due to the unmanageable re-engineering cost of pre-existing industrial devices, insecure protocols continue to be used to manage these systems. In this scenario, legacy protocols, such as the Modbus/TCP, are still largely used to control a range of industrial processes alongside with modern technologies. Consequently, hybrid industrial infrastructures with both legacy and innovative devices require novel security and prevention methodologies.

In this work, we present AMON (Automaton MONitor): an Intrusion Detection System (IDS) based on Deterministic Finite Automata (DFA) for Modbus/TCP traffic monitoring. AMON combines DFA with the Longest Repeating Subsequence (LRS) algorithm, commonly used in bioinformatics, to model the traffic and identify anomalies. In order to address the challenges presented in hybrid scenarios, we extend AMON to work with the Constrained Application Protocol (CoAP), used for the Industrial Internet of Things (IIoT). We show preliminary results in a simulated industrial network and discuss possible implementation of the developed detection system to secure hybrid industrial infrastructures.

Authors: Giuseppe Bernieri; Mauro Conti; Gabriele Pozzan.

Conference: Proceedings of the 14th International Conference on Availability, Reliability and Security - ARES '19.

Date of Publication: August 2019.

Publisher: ACM Digital Library.


This article proposes a novel mechanism for swarm attestation, i.e., the remote attestation (RA) of a multitude of interconnected devices, also called a swarm of devices. Classical RA protocols work with one prover and one verifier. Swarm attestation protocols assume that the devices in the swarm act both as verifier and prover in order to attest the software integrity of all the devices to a root verifier, typically in a spanning-tree topology. We propose “scalable heterogeneous layered attestation (SHeLA),” a novel RA technique for swarms. Our approach consists of introducing an additional edge layer in between the root verifier and the swarm devices. The edge layer consists of geographically spread devices with a larger computational power and storage capacity than the swarm devices. The main challenges we address are related to the scalability of the swarm, the availability or visibility of the nodes (especially when they are mobile), the heterogeneity of the devices with respect to the wireless communication protocol and interface, and the granularity of the attestation in terms of detecting the sanity of individual swarm devices. We build a proof-of-concept network that allows us to evaluate the computational delay and the resource overhead of the edge and swarm devices, and to perform a thorough security analysis.

AuthorsMd Masoom RabbaniJo VliegenJori WinderickxMauro ContiNele Mentens.

Date of Publication: August 2019.

PublisherInstitute of Electrical and Electronics Engineers (IEEE).


Communication service providers (e.g., Whatsapp) enable users to connect with people around the world. These services have been widely adopted and used by millions of users, and such services have emerged as a replacement of the transitional calling and messaging. Unfortunately, these communication services have also been used to commit illegal activities and serious crimes. Therefore, service providers ask for user's phone/mobile number to verify the user's identity and to prevent misuses.

The Internet is full of freebie services. Short Message Service (SMS) receiving services/websites are one of them. These message receiving websites provide users with real phone numbers and allow them to receive messages. In this paper, we investigate whether these message receiving website have been used as a tool to forge identity verification - typically done using One Time Passwords (OTP) - required for account creation. In our initial investigation, we created and successfully verified accounts for several messaging/calling apps as well as for social networking sites/apps using these message receiving services. Motivated from these findings, we collected and analyzed over 900K unique SMS messages received (upon request of other users) on 18 SMS receiving websites. Our analysis of these messages shows that 82.34% received messages included an OTP. This situation is very alarming that demonstrates the tendency of people to evade identity verification to create online accounts. We also found that the majority (52.47%) of verification code were six-characters long while nine-characters long verification codes were the least used.

Authors: Md. Hajian BerenjestanakiMauro Conti; Ankit Gangwal

Date of Publication: August 2019.

Publisher: Association for Computing Machinery, New York, NY, United States.

Conference: ARES '19: Proceedings of the 14th International Conference on Availability, Reliability and Security.


The cyber-physical security of Industrial Control Systems (ICSs) represents an actual and worthwhile research topic. In this paper, we compare and evaluate different Machine Learning (ML) algorithms for anomaly detection in industrial control networks. We analyze supervised and unsupervised ML-based anomaly detection approaches using datasets extracted from the Secure Water Treatment (SWaT), a testbed developed to emulate a scaled-down real industrial plant. Our experiments show strengths and limitations of the two ML-based anomaly detection approaches for industrial networks.

Authors: Giuseppe Bernieri;Mauro Conti;Federico Turrin.

Date of Publication: 8 July, 2019.

Publisher: Institute of Electrical and Electronics Engineers (IEEE).

Conference: 2019 IEEE International Symposium on Measurements & Networking (M&N).

Page 4 of 4

Join the community
Follow us and stay connected and updated.
EU flag Copyright © 2020 LOCARD. All rights reserved. This project has received funding from the European Union’s Horizon 2020 Research and Innovation Programme under Grant Agreement nº 832735. This project reflects only the author’s view and the Commission is not responsible for any use that may be made of the information it contains.