Project Publications
LOCARD related articles have been published in high-rated journals and presented in top conferences. The following list depicts all articles published and presented from the beginning of the project.


In recent years, the booming of Internet of Things (IoT) has populated the world with billions of smart devices that implement novel services and applications. The potential for cyberattacks on IoT systems have called for new solutions from the research community. Remote attestation is a widely used technique that allows a verifier to identify software compromise on a remote platform (called prover). Traditional challenge-response remote attestation protocols between the verifier and a single prover face a severe scalability challenge when they are applied to large scale IoT systems. To tackle this issue, recently researchers have started developing attestation schemes, which we refer to as Collective Remote Attestation (CRA) schemes, that are capable of remotely performing attestation of large networks of IoT devices. In this paper, after providing the reader with a background on remote attestation, we survey and analyze existing CRA schemes. We present an analysis of their advantages and disadvantages, as well as of their effectiveness against a reference attacker model. We focus our attention on CRA schemes' characteristics and adversarial mitigation capabilities. We finally highlight open research issues and give possible directions for mitigating both the limitations of existing schemes, and new emerging challenges. We believe this work can help guiding the design of current and future proposals for CRA.

Authors: M. Ambrosin, M. Conti, R. Lazzeretti, M. M. Rabbani and S. Ranise.

JournalIEEE Communications Surveys & Tutorials

Date of Publication: November 2020

Publisher: IEEE


The growing interest in healthy ageing has fostered the definition and use of proper measures to assess decline in older adults. The World Health Organisation has defined the concept of intrinsic capacity to address this issue. In this paper, we approach the intrinsic capacity concept from an engineering perspective. Our contribution is threefold: (i) we summarise the results of a literature review on the topic, which points to a lack of holistic solutions to assess intrinsic capacity automatically, by using information technology, (ii) we suggest a data-warehouse-inspired architecture to tackle the problem, and (iii) we discuss the main challenges that remain open and must be studied in the future. Overall, this paper is a first step towards the definition of an architecture allowing the practical implementation of a holistic, context-aware, automatic system to measure intrinsic capacity and monitor the healthy ageing of elders.

Authors: M. Garcia-Famoso, M. A. Moncusi and A. Solanas.

ConferenceAnnual Computers, Software, and Applications Conference (COMPSAC)

Date of Publication: July 2021

Publisher: IEEE


Vehicular networks allow billions of vehicular users to be connected to report and exchange real-time data for offering various services, such as navigation, ride-hailing, smart parking, traffic monitoring, and vehicular digital forensics. Fifth generation (5G) is a new radio access technology with greater coverage, accessibility, and higher network density. 5G-supported Vehicular Networks (5GVNs) have attracted plenty of attention from both academia and industry. Geared with new features, they are expected to revolutionize the mobility ecosystem to empower a portfolio of new services. Meanwhile, the development of such communication capabilities, along with the development of sensory devices and the enhancement of local computing powers, have lead to an inevitable reality of massive data (e.g., identity, location, and trajectory) collection from vehicular users. Unfortunately, 5GVN are still confronted with a variety of privacy threats. Such threats are targeted at users' data, identity, location, and trajectory. If not properly handled, such threats will cause unimaginable consequences to users. In this survey, we first review the state-of-the-art of survey papers. Next, we introduce the architecture, features, and services of 5GVN, followed by the privacy objectives of 5GVN and privacy threats to 5GVN. Further, we present existing privacy-preserving solutions and analyze them in-depth. Finally, we define some future research directions to draw more attention and down-to-earth efforts into this new architecture and its privacy issues.

Authors: M. Li, L. Zhu, Z. Zhang, C. Lal, M. Conti and F. Martinelli.

JournalIEEE Open Journal of the Communications Society

Date of Publication: August 2021

Publisher: IEEE


Cybercrime has become a prevalent threat over the last decade. Despite the numerous efforts devoted by national and supranational institutions, disparities on regulations along with the decentralisation of information networks have increased the complexity for judiciary forces, and all actors involved in the investigation process, of fighting against cybercriminals. With the aim to increase the security level of the actors involved in judicial processes and assure the proper collection and integrity of digital evidence, in this article we discuss how blockchain technology could help to ensure the chain of custody throughout the flow of forensic analyses. Likewise, besides the successful instruments promoted by the EU aimed at facilitating cross-border exchange of data, we identify further actions to improve the exchange of digital evidence among all entities involved in the investigation. In this context, we highlight the approach presented by the EU project LOCARD that provides a collaborative and distributed platform to automate the management of digital evidence with blockchain technology guaranteeing, therefore, the integrity and transparency of the cross-jurisdictional chain of custody.

Authors: López-Aguilar, P.; Solanas, A

Conference: International Conference on Applications in Electronics Pervading Industry, Environment and Society

Date of Publication: April 2022

Publisher: Springer


During the last few years, there has been an upsurge of social media influencers who are part of the adult entertainment industry, referred to as Performers. To monetize their online presence, Performers often engage in practices which violate community guidelines of social media, such as selling subscriptions for accessing their private "premium" social media accounts, where they distribute adult content. In this paper, we collect and analyze data from FanCentro, an online marketplace where Performers can sell adult content and subscriptions to private accounts in platforms like Snapchat and Instagram. Our work aims to shed light on the semi-illicit adult content market layered on the top of popular social media platforms and its offerings, as well as to profile the demographics, activity and content produced by Performers.

Authors: Nikolaos Lykousas; Fran Casino; Constantinos Patsakis

Conference: International Conference on Social Informatics

Date of Publication: October 2020.

Publisher: Springer


Nowadays, malware campaigns have reached a high level of sophistication, thanks to the use of cryptography and covert communication channels over traditional protocols and services. In this regard, a typical approach to evade botnet identification and takedown mechanisms is the use of domain fluxing through the use of Domain Generation Algorithms (DGAs). These algorithms produce an overwhelming amount of domain names that the infected device tries to communicate with to find the Command and Control server, yet only a small fragment of them is actually registered. Due to the high number of domain names, the blacklisting approach is rendered useless. Therefore, the botmaster may pivot the control dynamically and hinder botnet detection mechanisms. To counter this problem, many security mechanisms result in solutions that try to identify domains from a DGA based on the randomness of their name.

In this work, we explore hard to detect families of DGAs, as they are constructed to bypass these mechanisms. More precisely, they are based on the use of dictionaries or adversarial approaches so the generated domains seem to be user-generated. Therefore, the corresponding generated domains pass many filters that look for, e.g. high entropy strings or n-grams. To address this challenge, we propose an accurate and efficient probabilistic approach to detect them. We test and validate the proposed solution through extensive experiments with a sound dataset containing all the wordlist-based DGA families that exhibit this behaviour, as well as several adversarial DGAs, and compare it with other state-of-the-art methods, practically showing the efficacy and prevalence of our proposal.

Authors: Constantinos Patsakis; Fran Casino

Journal: Journal of Information Security and Applications

Date of Publication: May 2021.

Publisher: Elsevier


In this report, we analyse the latest campaign of Emotet that had a significant impact in several countries worldwide. We leverage the data of a specifically crafted dataset, which contains emails, documents, executables and domains from the latest campaign. The goal is to analyse the attack vector, map the infrastructure used in various stages of the campaign and perform a surface analysis of Emotet's malicious payloads to assess their potential impact.

Authors: Constantinos Patsakis; Anargyros Chrysanthou

Journal: arXiv

Date of Publication: November 2020.

Publisher: arXiv

Download this file (fall-2020-emotet.pdf)fall-2020-emotet.pdf[ ]8676 kB


The current landscape of the core Internet technologies shows considerable centralisation with the big tech companies controlling the vast majority of traffic and services. This situation has sparked a wide range of decentralisation initiatives with blockchain technology being among the most prominent and successful innovations. At the same time, over the past years there have been considerable attempts to address the security and privacy issues affecting the Domain Name System (DNS). To this end, it is claimed that Blockchain-based DNS may solve many of the limitations of traditional DNS. However, such an alternative comes with its own security concerns and issues, as any introduction and adoption of a new technology typically does - let alone a disruptive one. In this work we present the emerging threat landscape of blockchain-based DNS and we empirically validate the threats with real-world data. Specifically, we explore a part of the blockchain DNS ecosystem in terms of the browser extensions using such technologies, the chain itself (Namecoin and Emercoin), the domains, and users who have been registered in these platforms. Our findings reveal several potential domain extortion attempts and possible phishing schemes. Finally, we suggest countermeasures to address the identified threats, and we identify emerging research themes.

Authors: Constantinos Patsakis; Fran Casino; Nikolaos Lykousas; Vasilios Katos

JournalIEEE Access

Date of Publication: June 2020.

Publisher: IEEE

Download this file (unravelling-ariadne-thread.pdf)unravelling-ariadne-thread.pdf[ ]1993 kB


The Internet of Things (IoT) is an emerging paradigm and has penetrated deeply into our daily life. Due to the seamless connections of the IoT devices with the physical world through the Internet, the IoT applications use the cloud to store and provide ubiquitous access to collected data. Sharing of data with third party services and other users incurs potential risks and leads to unique security and privacy concerns, e.g., data breaches. Existing cryptographic solutions are inapt for resource-constrained IoT devices, because of their significant computational overhead. To address these concerns, we propose a data protection scheme to store the encrypted IoT data in a cloud, while still allowing query processing over the encrypted data. Our proposed scheme features a novel encrypted data sharing scheme based on Boneh-Goh-Nissim (BGN) cryptosystem, with revocation capabilities and in-situ key updates. We perform exhaustive experiments on real datasets, to assess the feasibility of the proposed scheme on the resource constrained IoT devices. The results show the feasibility of our scheme, together with the ability to provide a high level of security. The results also show that our scheme significantly reduces the computation, storage and energy overheads than the best performed scheme in the state-of-the-art.

Authors: Subir Halder; Mauro Conti.

JournalIEEE Transactions on Cloud Computing

Date of Publication: January 2021.

Publisher: IEEE

Page 2 of 6

Slide 1
Join the community
Follow us and stay connected and updated.
EU flag Copyright © 2019 - 2022 LOCARD. All rights reserved. This project has received funding from the European Union’s Horizon 2020 Research and Innovation Programme under Grant Agreement nº 832735. This project reflects only the author’s view and the Commission is not responsible for any use that may be made of the information it contains.