Project Publications
LOCARD-related articles have been published in highly rated journals and presented at top conferences. The following list covers all articles published and presented since the beginning of the project.


The introduction of remote attestation (RA) schemes has allowed academia and industry to enhance the security of their systems. The commercial products currently available enable only the validation of static properties, such as applications fingerprint, and do not handle runtime properties, such as control-flow correctness. This limitation pushed researchers towards the identification of new approaches, called runtime RA. However, those mainly work on embedded devices, which share very few common features with complex systems, such as virtual machines in a cloud. A naive deployment of runtime RA schemes for embedded devices on complex systems faces scalability problems, such as the representation of complex control-flows or slow verification phase. In this work, we present ScaRR: the first Scalable Runtime Remote attestation schema for complex systems. Thanks to its novel control-flow model, ScaRR enables the deployment of runtime RA on any application regardless of its complexity, by also achieving good performance. We implemented ScaRR and tested it on the benchmark suite SPEC CPU 2017. We show that ScaRR can validate on average 2M control-flow events per second, definitely outperforming existing solutions that support runtime RA on complex systems.

Authors: Flavio Toffalini; Eleonora Losiouk; Andrea Biondo; Jianying Zhou; Mauro Conti.

Date of Publication: September 2019.

Conference: 22nd International Symposium on Research in Attacks, Intrusions and Defenses (RAID 2019).



A variety of solutions, e.g., Proof-of-Work (PoW), Proof-of-Stake (PoS), Proof-of-Burn (PoB), and Proof-of-Elapsed-Time (PoET), have been proposed to make consensus mechanism used by the blockchain technology more democratic, efficient, and scalable. However, these solutions have a number of limitations, e.g., PoW approach requires a huge amount of computational power, scales poorly, and wastes a lot of electrical energy. Recently, an innovative protocol called Algorand has been proposed to overcome these limitations. Algorand not only guarantees an overwhelming probability of linearity of the blockchain, but it also aims to solve the "blockchain trilemma" of decentralization, scalability, and security.

In this paper, we present a security analysis of Algorand. To the best of our knowledge, it is the first security analysis as well as the first formal study on Algorand. We designed an attack scenario in which a group of malicious users tries to break the protocol, or at least limit it to a reduced partition of network users, by exploiting a security flaw in the messages validation process of the Byzantine Agreement (BA). Since the source code or an official simulator for Algorand was not available at the time of our study, we created a simulator (which is available on request) to implement the protocol and assess the feasibility of our attack scenario. Our attack requires the attacker to merely have the trivial capability of establishing multiple connections with targeted nodes, and it costs practically nothing to the attacker. Our results show that it is possible to slow down the message validation process on honest nodes - which eventually forces them to select default values on the consensus - leaving the targeted nodes behind in the chain as compared to the non-attacked nodes. Even though our results are subject to the real implementation of the protocol, the core concept of our attack remains valid.

Authors: Mauro Conti; Ankit Gangwal; Michele Todero.

Conference: Proceedings of the 14th International Conference on Availability, Reliability and Security - ARES '19.

Date of Publication: August 2019.

Publisher: ACM Digital Library.


The rapid evolution towards the Industry 4.0 improves the performances of Industrial Control Systems (ICSs). However, due to the unmanageable re-engineering cost of pre-existing industrial devices, insecure protocols continue to be used to manage these systems. In this scenario, legacy protocols, such as the Modbus/TCP, are still largely used to control a range of industrial processes alongside with modern technologies. Consequently, hybrid industrial infrastructures with both legacy and innovative devices require novel security and prevention methodologies.

In this work, we present AMON (Automaton MONitor): an Intrusion Detection System (IDS) based on Deterministic Finite Automata (DFA) for Modbus/TCP traffic monitoring. AMON combines DFA with the Longest Repeating Subsequence (LRS) algorithm, commonly used in bioinformatics, to model the traffic and identify anomalies. In order to address the challenges presented in hybrid scenarios, we extend AMON to work with the Constrained Application Protocol (CoAP), used for the Industrial Internet of Things (IIoT). We show preliminary results in a simulated industrial network and discuss possible implementation of the developed detection system to secure hybrid industrial infrastructures.

Authors: Giuseppe Bernieri; Mauro Conti; Gabriele Pozzan.

Conference: Proceedings of the 14th International Conference on Availability, Reliability and Security - ARES '19.

Date of Publication: August 2019.

Publisher: ACM Digital Library.


This article proposes a novel mechanism for swarm attestation, i.e., the remote attestation (RA) of a multitude of interconnected devices, also called a swarm of devices. Classical RA protocols work with one prover and one verifier. Swarm attestation protocols assume that the devices in the swarm act both as verifier and prover in order to attest the software integrity of all the devices to a root verifier, typically in a spanning-tree topology. We propose “scalable heterogeneous layered attestation (SHeLA),” a novel RA technique for swarms. Our approach consists of introducing an additional edge layer in between the root verifier and the swarm devices. The edge layer consists of geographically spread devices with a larger computational power and storage capacity than the swarm devices. The main challenges we address are related to the scalability of the swarm, the availability or visibility of the nodes (especially when they are mobile), the heterogeneity of the devices with respect to the wireless communication protocol and interface, and the granularity of the attestation in terms of detecting the sanity of individual swarm devices. We build a proof-of-concept network that allows us to evaluate the computational delay and the resource overhead of the edge and swarm devices, and to perform a thorough security analysis.

Authors: Md Masoom Rabbani; Jo Vliegen; Jori Winderickx; Mauro Conti; Nele Mentens.

Date of Publication: August 2019.

Publisher: Institute of Electrical and Electronics Engineers (IEEE).


Communication service providers (e.g., Whatsapp) enable users to connect with people around the world. These services have been widely adopted and used by millions of users, and such services have emerged as a replacement of the transitional calling and messaging. Unfortunately, these communication services have also been used to commit illegal activities and serious crimes. Therefore, service providers ask for user's phone/mobile number to verify the user's identity and to prevent misuses.

The Internet is full of freebie services. Short Message Service (SMS) receiving services/websites are one of them. These message receiving websites provide users with real phone numbers and allow them to receive messages. In this paper, we investigate whether these message receiving websites have been used as a tool to forge identity verification - typically done using One Time Passwords (OTP) - required for account creation. In our initial investigation, we created and successfully verified accounts for several messaging/calling apps as well as for social networking sites/apps using these message receiving services. Motivated from these findings, we collected and analyzed over 900K unique SMS messages received (upon request of other users) on 18 SMS receiving websites. Our analysis of these messages shows that 82.34% received messages included an OTP. This situation is very alarming that demonstrates the tendency of people to evade identity verification to create online accounts. We also found that the majority (52.47%) of verification codes were six-characters long while nine-characters long verification codes were the least used.

Authors: Md. Hajian Berenjestanaki; Mauro Conti; Ankit Gangwal.

Date of Publication: August 2019.

Publisher: Association for Computing Machinery, New York, NY, United States.

Conference: ARES '19: Proceedings of the 14th International Conference on Availability, Reliability and Security.


The cyber-physical security of Industrial Control Systems (ICSs) represents an actual and worthwhile research topic. In this paper, we compare and evaluate different Machine Learning (ML) algorithms for anomaly detection in industrial control networks. We analyze supervised and unsupervised ML-based anomaly detection approaches using datasets extracted from the Secure Water Treatment (SWaT), a testbed developed to emulate a scaled-down real industrial plant. Our experiments show strengths and limitations of the two ML-based anomaly detection approaches for industrial networks.

Authors: Giuseppe Bernieri; Mauro Conti; Federico Turrin.

Date of Publication: 8 July, 2019.

Publisher: Institute of Electrical and Electronics Engineers (IEEE).

Conference: 2019 IEEE International Symposium on Measurements & Networking (M&N).

Copyright © 2019 - 2022 LOCARD. All rights reserved. This project has received funding from the European Union’s Horizon 2020 Research and Innovation Programme under Grant Agreement nº 832735. This project reflects only the author’s view and the Commission is not responsible for any use that may be made of the information it contains.