Giuseppe Bianchi

University of Rome Tor Vergata | UNIROMA2 · Dipartimento di Ingegneria Elettronica

Modern malware poses a severe threat to cybersecurity, continually evolving in sophistication. To combat this threat, researchers and security professionals continuously explore advanced techniques for malware detection and analysis. Dynamic analysis, a prevalent approach, offers advantages over static analysis by enabling observation of runtime be...

The growing integration of software within medical devices introduces the potential for cybersecurity threats. How significant is this risk, and to what extent are citizens currently exposed? In this study, we adopt a new data-gathering methodology using datasets provided in Open Contracting Data Standard (OCDS). This allowed us to perform an exten...

While GPS has traditionally been the primary positioning technology, 3GPP has more recently begun to include positioning services as native, built-in features of future-generation cellular networks. With Release 16 of the 3GPP, finalized in 2021, a significant standardization effort has taken place for positioning in 5G networks, especially in term...

Time-based One-Time Password (TOTP) is a widely used method for two-factor authentication, whose operation relies on one-time codes generated from the device’s clock and validated using the servers’ clock. By introducing the notion of forward-replay attack, in this paper we underline an obvious (but somewhat overlooked) fact: a secure server’s time...

With the rise of the Network Softwarization era, eBPF has become a hot technology for efficient packet processing on commodity hardware. However the development of custom eBPF solutions is a challenging process that requires highly qualified human resources. Indeed, in eBPF, it is difficult to devise truly modular applications since the development...

In the past few years, blockchain technology has emerged in numerous smart grid applications, enabling the construction of systems without the need for a trusted third party. Blockchain offers transparency, traceability, and accountability, which lets various energy management system functionalities be executed through smart contracts, such as moni...

Most of existing cardinality estimation algorithms do not support natively interval queries under a sliding window model and are thereby insensitive to data recency. We present Staggered-HyperLogLog (ST-HLL), a probabilistic data structure that takes inspiration from HyperLogLog (HLL) and provides nearly continuous-time estimation of cardinality ra...

The network interface cards (NICs) of modern computers are changing to adapt to faster data rates and to help with the scaling issues of general-purpose CPU technologies. Among the ongoing innovations, the inclusion of programmable accelerators on the NIC's data path is particularly interesting, since it provides the opportunity to offload some of...

The continuous quest for performance pushed processors to incorporate elements such as multiple cores, caches, acceleration units, or speculative execution that make systems very complex. On the other hand, these features often expose unexpected vulnerabilities that pose new challenges. For example, the timing differences introduced by caches or sp...

Software exploitable Hardware Trojan Horses (HTHs) inserted into commercial CPUs allow the attacker to run his/her own software or to gain unauthorized privileges. Recently a novel menace raised: HTHs inserted by CAD tools. A consequence of such scenario is that HTHs must be considered a serious threat not only by academy but also by industry. In t...

The ability to evade Antivirus analyses is a highly coveted goal in the cybersecurity field, especially in the case of Red Team operations where advanced external threats against a target infrastructure are performed. In this paper we present the design and implementation of PEzoNG, a framework for automatically creating stealth binaries that targe...

Modern wireless communication networks are threatened by new generations of radio hackers. These are skilled attackers equipped with low-cost software radios, suitably instrumented so as to monitor, degrade, or even alter the radio signals. The aim of this paper is to devise innovative detection architectures against the most common classes of thre...

The increasing performance requirements of modern applications place a significant burden on software-based packet processing. Most of today’s software input/output accelerations achieve high performance at the expense of reserving CPU resources dedicated to continuously poll the Network Interface Card. This is specifically the case with DPDK (Data...

With the aim to facilitate compliance with the GDPR, particularly for SMEs, this paper summarises the results of the H2020 BPR4GDPR project. With a focus on business processes, the project has proposed a holistic approach able to support compliant processes, while fulfilling requirements covering diverse application domains. The main pillars of the...

A user accessing an online recommender system typically has two choices: either agree to be uniquely identified and in return receive a personalized and rich experience, or try to use the service anonymously but receive a degraded non-personalized service. In this paper, we offer a third option to this “all or nothing” paradigm, namely use a web se...

The Google's Loon (TM) initiative aims at covering rural or underdeveloped areas via fleets of high-altitude balloons supporting LTE connectivity. But how effective and stable can be the coverage provided by a network deployed via propulsion-free balloons, floating in the sky, and only loosely controllable through altitude variations To provide som...

The design of an access control technique for devices not connected to the Internet can present some very difficult challenges. Among others, how to properly handle user revocation stands out. In this paper, we present TooLate, a cryptosystem that allows an authority to grant access to a user over a set of encrypted files stored on an offline devi...

The ongoing roll-out of 5G is causing worries among a fraction of the population. One big concern is the fact that 5G requires significantly more cell towers, and this may be perceived by some as more unintentional exposure to wireless radiation. The purpose of this article is to explain, in simple terms but still leveraging quantitative arguments,...

A very popular theory circulating among non-scientific communities claims that the massive deployment of Base Stations (BSs) over the territory, a.k.a. cellular network densification, always triggers an uncontrolled and exponential increase of human exposure to Radio Frequency "Pollution" (RFP). To face such concern in a way that can be understood...

The COVID-19 pandemic has suddenly raised the need for technological solutions able to trace contacts of people and provide location-based analytics. Several countries have adopted proximity-based (short-range) technologies, such as Bluetooth, which, however, appear to be hindered by deployment issues, security leakage, lack of reliability, and dat...

Besides providing data sharing, commercial cloud-based storage services (e.g., Dropbox) also enforce access control, i.e. permit users to decide who can access which data. In this paper we advocate the separation between the sharing of data and the access control function. We specifically promote an overlay approach which provides end-to-end encryp...

The increasing performance requirements of modern applications place a significant burden on software-based packet processing. Most of today's software input/output accelerations achieve high performance at the expense of reserving CPU resources dedicated to continuously poll the Network Interface Card. This is specifically the case with DPDK (Data...

Code injection is one of the top cyber security attack vectors in the modern world. To overcome the limitations of conventional signature-based detection techniques, and to complement them when appropriate, multiple machine learning approaches have been proposed. While analysing these approaches, the surveys focus predominantly on the general intru...

In this letter, we propose three schemes designed to detect attacks over the air interface in cellular networks. These decision rules rely on the generalized likelihood ratio test, and are fed by data that can be acquired using common off-the-shelf receivers. In addition to more classical (barrage/smart) noise jamming attacks, we further assess the...

In this letter, we propose three schemes designed to detect attacks over the air interface in cellular networks. These decision rules rely on the generalized likelihood ratio test, and are fed by data that can be acquired using common off-the-shelf receivers. In addition to more classical (barrage/smart) noise jamming attacks, we further assess the...

A recurring task in security monitoring/anomaly detection applications consists in finding the so-called top “spreaders” (“scanners”), for instance hosts which connect to a large number of distinct destinations or hit different ports. Estimating the top k scanners, and their cardinality, using the least amount of memory meanwhile running at multi-G...

IMSI catching attacks are a type of privacy threats designed to locate and track specific users by gathering their long-term identifiers, i.e., their International Mobile Subscriber Identity (IMSI). In order to understand how different mobile phone brands respond to different attack methods, this article makes a twofold contribution. We first addre...

Cardinality estimation, also known as count-distinct, is the problem of finding the number of different elements in a set with repeated elements. Among the many approximate algorithms proposed for this task, HyperLogLog (HLL) has established itself as the state of the art due to its ability to accurately estimate cardinality over a large range of...

The papers in this special issue focus on sustainable cyber forensics and threat intelligence. Increasing societal reliance on interconnected digital systems, including smart grids and Internet of Things (IoT), made sustainable detection and investigation of threat actors among the highest priorities of any society. Scale and attack surface of mode...

Collaborative recommending systems aim to predict a potential user‐item rating on the basis of remaining ones. Since, in several contexts, sharing of other users' ratings may be prevented by confidentiality concerns, several works have effectively addressed the design of privacy preserving recommenders. Still, most of the proposed solutions rely on...

DPDK (Data Plane Development Kit) is arguably today's most employed framework for software packet processing. Its impressive performance however comes at the cost of precious CPU resources, dedicated to continuously poll the NICs. To face this issue, this paper presents Metronome, an approach devised to replace the continuous DPDK polling with a sl...

Location based services are expected to play a major role in future generation cellular networks, starting from the incoming 5G systems. At the same time, localization technologies may be severely affected by attackers capable to deploy low cost fake base stations and use them to alter localization signals. In this paper, we concretely focus on two...

The ongoing roll-out of 5G is causing concern among a fraction of the population. The main reason probably lies in the fact that 5G requires significantly more cell towers, and this may be perceived by some as more unintentional exposure to wireless radiation. The purpose of this article is to explain,in layman’s terms but still leveraging simplifi...

The scientific literature peer review workflow is under strain because of the constant growth of submission volume. One response to this is to make initial screening of submissions less time intensive. Reducing screening and review time would save millions of working hours and potentially boost academic productivity. Many platforms have already sta...

DPDK (Data Plane Development Kit) is arguably today's most employed framework for software packet processing. Its impressive performance however comes at the cost of precious CPU resources, dedicated to continuously poll the NICs. To face this issue, this paper presents Metronome, an approach devised to replace the continuous DPDK polling with a sl...

LoRaWAN (Long Range Wide Area Network) is an attractive network infrastructure and protocol suite for ultra low power Internet of Things devices. Even if the technology itself is quite mature and specified, the currently deployed wireless resource allocation strategies are still coarse and based on rough heuristics. This paper proposes an innovativ...

FPGA accelerators on the NIC enable the offloading of expensive packet processing tasks from the CPU. However, FPGAs have limited resources that may need to be shared among diverse applications, and programming them is difficult. We present a solution to run Linux's eXpress Data Path programs written in eBPF on FPGAs, using only a fraction of the a...

Besides significantly outperforming past generations in terms of capacity and throughput, 5G networks and systems will provide an infrastructure for the support of highly diversified services and “verticals”. Indeed, the major paradigm shift with respect to previous cellular network generations, specifically oriented to one class of terminals (name...

A very popular theory circulating among non-scientific communities claims that the massive deployment of 5G base stations over the territory, a.k.a. 5G densification, always triggers an uncontrolled and exponential increase of human exposure to Radio Frequency "Pollution" (RFP). To face such concern in a way that can be understood by the layman, in...

Programmable data planes recently emerged as a prominent innovation in Software Defined Networking (SDN). They provide support for stateful per-packet/per-flow operations over hardware network switches specifically designed for network processing. Unlike early SDN solutions such as OpenFlow, modern stateful data planes permit to keep (and dynamical...

In a network it is interesting to know the different number of flows that traverse a switch or link or the number of connections coming from a specific sub-network. This is generally known as cardinality estimation or count distinct. The HyperLogLog (HLL) algorithm is widely used to estimate cardinality with a small memory footprint and simple per...

A common concern among the population is that installing new 5G Base Stations (BSs) over a given geographic region may result in an uncontrollable increase of Radio-Frequency ``Pollution'' (RFP). To face this dispute in a way that can be understood by the layman, we develop a very simple model, which evaluates the RFP at selected distances between...

We focus on the ElectroMagnetic Field (EMF) exposure safety for people living in the vicinity of cellular towers. To this aim, we analyze a large dataset of long-term EMF measurements collected over almost 20 years in more than 2000 measurement points spread over an Italian region. We evaluate the relationship between EMF exposure and the following...

We focus on the ElectroMagnetic Field (EMF) exposure safety for people living in the vicinity of cellular towers. To this aim, we analyze a large dataset of long-term EMF measurements collected over almost 20 years in more than 2000 measurement points spread over an Italian region. We evaluate the relationship between EMF exposure and the following...

A common concern among the population is that installing new 5G Base Stations (BSs) over a given geographic region may result in an uncontrollable increase of Radio-Frequency "Pollution" (RFP). To face this dispute in a way that can be understood by the layman, we develop a very simple model, which evaluates the RFP at selected distances between th...

This paper outlines the approach followed by the H2020 BPR4GDPR project to facilitate GDPR compliance. Its goal is to provide a holistic framework able to support end-to-end GDPR-compliant intra- and inter-organisational ICT-enabled processes at various scales, while also being generic enough, fulfilling operational requirements covering diverse ap...

Programmable data planes recently emerged as a prominent innovation in Software Defined Networking (SDN), by permitting support of stateful flow processing functions over hardware network switches specifically designed for network processing. Unlike early SDN solutions such as OpenFlow, modern stateful data planes permit to keep (and dynamically up...

Current authentication methods on the Web have serious weaknesses. First, services heavily rely on the traditional password paradigm, which diminishes the end-users' security and usability. Second, the lack of attribute-based authentication does not allow anonymity-preserving access to services. Third, users have multiple online accounts that often...

In spite of being just a few years old, ransomware is quickly becoming a serious threat to our digital infrastructures, data and services. Majority of ransomware families are requesting for a ransom payment to restore a custodian access or decrypt data which were encrypted by the ransomware earlier. Although the ransomware attack strategy seems to...

In this paper, we propose new means to quantify journals’ interdisciplinarity by exploiting the bipartite relation between scholars and journals where such scholars do publish. Our proposed approach is entirely data-driven (i.e., unsupervised): we just rely on the spectral properties of the bipartite bibliometric network, without requiring any a-pr...

The Quantum Internet, a network interconnecting remote quantum devices through quantum links in synergy with classical ones, is envisioned as the final stage of the quantum revolution, opening fundamentally new communications and computing capabilities. But the Quantum Internet is governed by the laws of quantum mechanics. Phenomena with no counter...

XTRA (XFSM for Transport) aims at providing a first attempt towards a “ code-once-port-everywhere ” platform-agnostic programming abstraction tailored to the deployment of transport layer functions. XTRA’s programming abstraction not only fits SW platforms, but is specifically designed to harness, with no re-coding effort, the offloading opportuni...

Code Injection attacks such as SQL Injection and Cross-Site Scripting (XSS) are among the major threats for today’s web applications and systems. This paper proposes CODDLE, a deep learning-based intrusion detection systems against web-based code injection attacks. CODDLE’s main novelty consists in adopting a Convolutional Deep Neural Network and i...

Many IoT applications require a regular periodic sampling of physical quantities such as light, CO2, or position. However, for energy harvesting devices, this can be in sharp contrast with the unreliable and time-varying amount of energy gathered opportunistically from the environment, and the severe energy storage limitations in constrained device...

Cyber risk management is a very important problem for every company connected to the internet. Usually, risk management is done considering only Risk Analysis without connecting it with Vulnerability Assessment, using external and expensive tools. In this paper we present CYber Risk Vulnerability Management (CYRVM)—a custom-made software platform d...

LoRaWAN (Long Range Wide Area Network) is emerging as an attractive network infrastructure for ultra low power Internet of Things devices. Even if the technology itself is quite mature and specified, the currently deployed wireless resource allocation strategies are still coarse and based on rough heuristics. This paper proposes an innovative ``seq...

With the advent of distributed systems, secure and privacy-preserving data sharing between different entities (individuals or organizations) becomes a challenging issue. There are several real-world scenarios in which different entities are willing to share their private data only under certain circumstances, such as sharing the system logs when th...

On August 14, 2018, a new set of vulnerabilities collectively named "L1 terminal fault" were announced. Systems with microprocessors utilizing out-of-order execution could allow unauthorized disclosure of information residing in the L1 data cache, by tweaking the virtual memory abstraction. The vulnerability was therein mentioned for three differen...

The ongoing network softwarization trend holds the promise to revolutionize network infrastructures by making them more flexible, reconfigurable, portable, and more adaptive than ever. Still, the migration from hard-coded/hard-wired network functions toward their software-programmable counterparts comes along with the need for tailored optimization...

Simultaneous random access attempts from massive machine-type communications (mMTC) devices may severely congest a shared physical random access channel (PRACH) in mobile networks. This paper presents a novel two-phase random access (TPRA) procedure to deal with the congestion caused by mMTC devices accessing the PRACH. During the first phase, the...

This paper stems from the observation that researchers in different fields tend to publish in different journals. Such a relationship between researchers and journals is quantitatively exploited to identify scientific community clusters, by casting the community detection problem into a co-clustering problem on bipartite graphs. Such an approach ha...

On August 14, 2018, a new set of vulnerabilities collectively named "L1 terminal fault" were announced. Systems with microprocessors utilizing out-of-order execution could allow unauthorized disclosure of information residing in the L1 data cache, by breaking the virtual memory abstraction. The vulnerability was mentioned for three different scenar...

Narrowband Internet of Things (NB-IoT) is a cellular standard supporting Internet of Things (IoT) applications in wide area. NB-IoT utilizes ‘repetition’ to extend the coverage of the base station. The repetition value in NB-IoT physical random access channel (NPRACH) is set to ensure 99% detection probability without considering the inherent ‘retr...

Current authentication methods on the Web have serious weaknesses. First, services heavily rely on the traditional password paradigm, which diminishes the end-users' security and usability. Second, the lack of attribute-based authentication does not allow anonymity-preserving access to services. Third, users have multiple online accounts that ofte...

By networking multiple quantum devices, the Quantum Internet builds up a virtual quantum machine able to provide an exponential scale-up of the quantum computing power. Hence, the Quantum Internet is envisioned as a way to open a new distributed computing era. But the Quantum Internet is governed by the laws of quantum mechanics. Phenomena with no...

While celebrating the 21st year since the very first IEEE 802.11 “legacy” 2 Mbit/s wireless Local Area Network standard, the latest Wi-Fi newborn is today reaching the finish line, topping the remarkable speed of 10 Gbit/s. IEEE 802.11ax was launched in May 2014 with the goal of enhancing throughput-per-area in high-density scenarios. The first 802...

In this invited paper, the authors discuss the exponential computing speed-up achievable by interconnecting quantum computers through a quantum internet. They also identify key future research challenges and open problems for quantum internet design and deployment.

The media has brought to the attention of the general public the issue of subjects claiming titles (e.g. academic degrees) which they have not achieved. Verifying these identity claims can be a cumbersome task. In this paper we show how identity claims can be supported through a permissioned blockchain. Although our approach can be applied to multi...

Recently, with new hardware architectures such as Reconfigurable Match Tables and languages such as P4, the Software Defined Networking community has started to bring line‐rate data plane programmability inside switching chipsets. Starting from the original OpenFlow's match/action abstraction, most of the work has so far focused on key improvements...

While enabling brand new services and opportunities, the federation of vertical Internet of Things platforms presents new challenges in terms of secure and controlled access to heterogeneous resources, especially when authorization permissions must be regulated by multiple decentralized authorities. The work presented herein designs, develops, and...