Researcher profile

Moreno Ambrosin

Moreno Ambrosin contributes to research discovery and scholarly infrastructure.

ResearcherAffiliation not importedOpen to collaborate

Cryptography and Security Networking and Internet Architecture

Trust snapshot

Quick read

Trust 19 - Baseline

5works

0followers

2topics

4close collaborators

Actions

Decide how to stay connected

Follow researcher0

Inspect adjacent work, topics, institutions and collaborators without jumping out to a separate graph page.

Building this graph slice

BZPEER is loading the nearby papers, people, topics and institutions for this page.

preprint2016arXiv

On the Feasibility of Attribute-Based Encryption on Internet of Things Devices

Attribute-Based Encryption (ABE) could be an effective cryptographic tool for the secure management of Internet-of-Things (IoT) devices, but its feasibility in the IoT has been under-investigated thus far. This article explores such feasibility for well-known IoT platforms, namely, Intel Galileo Gen 2, Intel Edison, Raspberry Pi 1 Model B, and Raspberry Pi Zero, and concludes that adopting ABE in the IoT is indeed feasible.

preprint2016arXiv

Security and Privacy Analysis of NSF Future Internet Architectures

The Internet Protocol (IP) is the lifeblood of the modern Internet. Its simplicity and universality have fueled the unprecedented and lasting global success of the current Internet. Nonetheless, some limitations of IP have been emerging in recent years. Its original design envisaged supporting perhaps tens of thousands of static hosts operating in a friendly academic-like setting, mainly in order to facilitate email communication and remote access to scarce computing resources. At present IP interconnects billions of static and mobile devices (ranging from supercomputers to IoT gadgets) with a large and dynamic set of popular applications. Starting in mid-1990s, the advent of mobility, wirelessness and the web substantially shifted Internet usage and communication paradigms. This accentuated long-term concerns about the current Internet architecture and prompted interest in alternative designs. The U.S. National Science Foundation (NSF) has been one of the key supporters of efforts to design a set of candidate next-generation Internet architectures. As a prominent design requirement, NSF emphasized "security and privacy by design" in order to avoid the long and unhappy history of incremental patching and retrofitting that characterizes the current Internet architecture. To this end, as a result of a competitive process, four prominent research projects were funded by the NSF in 2010: Nebula, Named-Data Networking (NDN), MobilityFirst (MF), and Expressive Internet Architecture (XIA). This paper provides a comprehensive and neutral analysis of salient security and privacy features (and issues) in these NSF-funded Future Internet Architectures. It also compares the four candidate designs with the current IP-based architecture and discusses similarities, differences, and possible improvements.

preprint2015arXiv

LineSwitch: Efficiently Managing Switch Flow in Software-Defined Networking while Effectively Tackling DoS Attacks

Software Defined Networking (SDN) is a new networking architecture which aims to provide better decoupling between network control (control plane) and data forwarding functionalities (data plane). This separation introduces several benefits, such as a directly programmable and (virtually) centralized network control. However, researchers showed that the required communication channel between the control and data plane of SDN creates a potential bottleneck in the system, introducing new vulnerabilities. Indeed, this behavior could be exploited to mount powerful attacks, such as the control plane saturation attack, that can severely hinder the performance of the whole network. In this paper we present LineSwitch, an efficient and effective solution against control plane saturation attack. LineSwitch combines SYN proxy techniques and probabilistic blacklisting of network traffic. We implemented LineSwitch as an extension of OpenFlow, the current reference implementation of SDN, and evaluate our solution considering different traffic scenarios (with and without attack). The results of our preliminary experiments confirm that, compared to the state-of-the-art, LineSwitch reduces the time overhead up to 30%, while ensuring the same level of protection.

preprint2015arXiv

On the Feasibility of Attribute-Based Encryption on Smartphone Devices

Attribute-Based Encryption (ABE) is a powerful cryptographic tool that allows fine-grained access control over data. Due to its features, ABE has been adopted in several applications, such as encrypted storage or access control systems. Recently, researchers argued about the non acceptable performance of ABE when implemented on mobile devices. Indeed, the non feasibility of ABE on mobile devices would hinder the deployment of novel protocols and services--that could instead exploit the full potential of such devices. However, we believe the conclusion of non usability was driven by a not-very efficient implementation. In this paper, we want to shine a light on this concern by studying the feasibility of applying ABE on smartphone devices. In particular, we implemented AndrABEn, an ABE library for Android operating system. Our library is written in the C language and implements two main ABE schemes: Ciphertext-Policy Attribute-Based Encryption, and Key- Policy Attribute-Based Encryption. We also run a thorough set of experimental evaluation for AndrABEn, and compare it with the current state-of-the-art (considering the same experimental setting). The results confirm the possibility to effectively use ABE on smartphone devices, requiring an acceptable amount of resources in terms of computations and energy consumption. Since the current state-of-the-art claims the non feasibility of ABE on mobile devices, we believe that our study (together with the AndrABEn library that we made available online) is a key result that will pave the way for researchers and developers to design and implement novel protocols and applications for mobile devices.

preprint2013arXiv

Covert Ephemeral Communication in Named Data Networking

In the last decade, there has been a growing realization that the current Internet Protocol is reaching the limits of its senescence. This has prompted several research efforts that aim to design potential next-generation Internet architectures. Named Data Networking (NDN), an instantiation of the content-centric approach to networking, is one such effort. In contrast with IP, NDN routers maintain a significant amount of user-driven state. In this paper we investigate how to use this state for covert ephemeral communication (CEC). CEC allows two or more parties to covertly exchange ephemeral messages, i.e., messages that become unavailable after a certain amount of time. Our techniques rely only on network-layer, rather than application-layer, services. This makes our protocols robust, and communication difficult to uncover. We show that users can build high-bandwidth CECs exploiting features unique to NDN: in-network caches, routers' forwarding state and name matching rules. We assess feasibility and performance of proposed cover channels using a local setup and the official NDN testbed.