PORTFOLIO

SECURE AND LARGE-SCALE DISTRIBUTED SYSTEMS

Security in industrial wireless systems (2011)
with Marcelo Masera, JRC

The growth of industrial wireless systems brought not only several advantages, such as installation and maintenance cost savings and rapid deployment, but also new security concerns.

 

This project analyzed threats and vulnerabilities inherent in the WirelessHart and ISA100.11 industrial wireless standards that arise at different layers of the network stack, and concern the design of some key building blocks, and unexplored security threats (e.g., intruders, and malicious attacks).

 

We analyzed scenarios of malicious attacks exploiting limitations inherent in the wireless networks such as limited energy and network bandwidth. For instance, we showed how a targetable jamming attack can affect the correctness of the time module, thus disrupting the availability and the correctness of the underlying service. 

 
An innovative secure and scalable real-time digital time-stamping system (2005) 
ICC award
with Bell-Labs and University of Pisa

Secure digital timestamps play a crucial role in many applications that rely on the correctness of time sensitive information. Previous time-stamping systems were based on linking schemes that have coarse granularity, high latency, and scale poorly to high volume of clients and requests. As a result, they are not suitable for applications requiring real-time fine-grained timestamps (e.g., aggregation of real-time sensitive information, temporal access control, financial applications).

 

We proposed an innovative provably secure real-time timestamping system that overcomes those drawbacks and offers high performance and scalability.

Fleet: highly scalable and secure distributed data repository (2001)
with Mike Reiter, Bell-Labs

Fleet was an innovative middleware system implementing a secure distributed data repository for persistent objects. It was primarily targeted for supporting critical applications such as governmental and financial applications, e-banking, and it is designed to be highly available and scalable to very large numbers of clients and servers.

 

It employs Byzantine quorum systems to improve the performance of the system (e.g., scalability, load balance, access cost per operation), and comprises a suite of innovative intrusion-tolerant coordination protocols.

 

We built an e-voting application on top of Fleet system and deployed it to the Defence Advanced Research Projecta Agency (DARPA) in September 2001. 

Efficiency and scalability in intrusion-tolerant large data sharing systems resilient to malicious attacks (2002)
with Bell-Labs and University of Pisa

Coordination protocols that are resilient to malicious coordinated attacks are known for their high computational and communication cost.

 

We proposed several solutions to improve their efficiency and scalability in case of very large data such as 

  1. a randomized approach combined with one-way collision- resistant hash functions

  2. an optimistic information dispersal protocol that dynamically adapts as failures are detected.

 

Moreover, we explored weaker and more efficient data consistency models, such as causal consistency in a shared memory and in dynamic client/server models. 

IoT Port security
at JRC

We analyzed security threats and vulnerabilities in ports along with the advantages provided by emerging digital technologies for surveillance, border monitoring, cargo tracking and control, and provided guidelines and recommendations to the General Directory of Maritime Affairs and Fisheries of the European Commission.