Tag Archives: Applied Security

30/11/2018 – Talk by Manali Chakraborty

Title: An Intelligent Framework for Managing Smart Power Grid
Time: 12:00
Location: Meeting Room B, Building Zeta
Type: Research talk
Speaker: Manali Chakraborty
The increasing dependence on the communication network makes the Smart Grid vulnerable to several cyber security threats. Advanced metering infrastructure (AMI) is arguably the most important and critical part of the Smart Grid. AMI deals with the most sensitive information in the Grid and transmits it through the network. A good number of security solutions for AMI already exist. However, the percentage of security attacks is increasing day by day, and so are the innovative and intelligent ideas behind those attacks. As the inherent characteristics of the Smart Grid are quite unique and different from traditional IT networks, the existing solutions fall short of handling these Smart Grid specific problems. Besides, balancing the supply-demand ratio in the Smart Grid, considering all these odds, is far from an easy job and requires additional technological support. Moreover, in order to maximize the benefits of the Smart Grid, it is of utmost importance to connect and manage all the components and devices in the grid. The work in this thesis focuses on the feasibility of improving the security and autonomic functionalities of Advanced Metering Infrastructure (AMI) in the Smart Grid. The work can be broadly categorized into three parts depending on the concerned functionality of AMI.

14/11/2018 – Talk by Riccardo Lazzeretti

Title: Computing with private data: Data Processing in the Encrypted Domain
Time: 14:30
Location: Meeting Room B, Building Zeta
Type: Research talk
Speaker: Riccardo Lazzeretti
Processing and encryption of content are generally considered sequential and independent operations. In certain multimedia content processing scenarios, it is, however, desirable to carry out processing directly on encrypted data to preserve the privacy of the data owners. The field of secure signal processing poses significant challenges for both signal processing and cryptography research, and only a few ready-to-go fully integrated solutions are available. This talk first concisely summarizes some of the cryptographic primitives used in existing solutions for processing encrypted signals, and discusses the implications of the security requirements for these solutions. The talk then focuses on some application domains in which secure data processing has been taken up as a challenge, namely, analysis of biomedical data, remote biometric recognition and privacy-preserving IoT device coordination. Finally, the talk discusses the challenges and open issues in the field of secure data processing and other research directions recently explored at the University of Padua and Sapienza University of Rome.
Short bio:
Riccardo Lazzeretti received the MSc degree (Laurea) in Computer Science Engineering and the Europaeus Ph.D. at the Information Engineering Department of the University of Siena; during his Ph.D. he spent six months at Philips Lab in Eindhoven, the Netherlands. He was a post-doc researcher at the University of Siena until 2015. From 2016 to February 2017 he was a post-doc researcher at the University of Padua, Italy, Department of Mathematics, where he was part of the SPRITZ research group. Riccardo Lazzeretti is currently assistant professor (RTD-A) at Sapienza University of Rome, Italy. He is a member of CINI’s Cybersecurity National Laboratory and the Research Center of Cyber Intelligence and Information Security (CIS). His research activities span the security field, with particular focus on privacy-preserving applications based on Homomorphic Encryption and Secure Multi-Party Computation. He is an associate editor of the Elsevier Journal of Information Security and Applications and regularly serves on the technical program committees of conferences in the field of security. He has been deeply involved in the activities of EU and Italian funded projects in the area of security and privacy.

14/07/2017 – Talk by Matus Nemec

Title: Measuring Popularity of Cryptographic Libraries in Internet-Wide Scans Fingerprinting
Time: 11:00
Location: Skype call
Type: Research Result
Speaker: Matus Nemec
We measure the popularity of cryptographic libraries in large datasets of RSA public keys. We do so by improving a recently proposed method based on biases introduced by alternative implementations of prime selection in different cryptographic libraries. We extend the previous work by applying statistical inference to approximate a share of libraries matching an observed distribution of RSA keys in an inspected dataset (e.g., Internet-wide scan of TLS handshakes). The sensitivity of our method is sufficient to detect transient events such as a periodic insertion of keys from a specific library into Certificate Transparency logs and inconsistencies in archived datasets.

We apply the method to keys from multiple Internet-wide scans collected in the years 2010 through 2017, to Certificate Transparency logs and to separate datasets of PGP keys and SSH keys. The results quantify a strong dominance of OpenSSL, with more than 84% of TLS keys for Alexa 1M domains, steadily increasing since the first measurement. OpenSSL is even more popular for GitHub client-side SSH keys, with a share larger than 96%. Surprisingly, new certificates inserted in Certificate Transparency logs on certain days contain more than 20% keys most likely originating from Java libraries, while TLS scans contain less than 5% of such keys.

Since the ground truth is not known, we compared our measurements with other estimates and simulated different scenarios to evaluate the accuracy of our method. To the best of our knowledge, this is the first accurate measurement of the popularity of cryptographic libraries not based on proxy information like web server fingerprinting, but directly on the number of observed unique keys.