BZPEERReading, trust and collaboration for research
Menu

Discover

GraphFollow connections around a paper, topic or saved view.

Workspaces

HomePick up where your research flow left off.InboxHandle requests, replies and notifications from one place.CollectionsCurate reading lists, evidence sets and shareable dossiers.ResearchSee your private provenance graph, trail and imports.CollaborationMove from discovery into focused discussion rooms.PublishDraft, preview and publish full-text research articles.

Network

ExpertsFind specialists worth following or asking for help.CommunitiesJoin research circles organized around shared work.PartnersSee external organizations active around the same topics.

Opportunities

ListingsBrowse roles, calls and collaborations with clearer fit signals.

Account

Log inReturn to your reading and collaboration workspace.Create accountStart saving work, following people and joining teams.
Log inCreate account

Researcher profile

Simone Raponi

Simone Raponi contributes to research discovery and scholarly infrastructure.

ResearcherAffiliation not importedOpen to collaborate
Cryptography and Securitycs.CYeess.ASeess.SPMachine LearningNetworking and Internet ArchitectureSound

Trust snapshot

Quick read

Trust 21 - EmergingVerification L1Unclaimed author
6works
0followers
7topics
4close collaborators

Actions

Decide how to stay connected

Follow researcher0

Identity and collaboration

How to connect with this researcher

Claiming links this public author record to a researcher profile and unlocks direct collaboration workflows.

Log in to claim

Direct collaboration

Open a focused conversation when the fit is right

Claim this author entity first to unlock direct invitations.

Research graph

See the researcher in context

Open full explorer

Inspect adjacent work, topics, institutions and collaborators without jumping out to a separate graph page.

Building this graph slice

BZPEER is loading the nearby papers, people, topics and institutions for this page.

Published work

6 published item(s)

preprint2021arXiv

Long-Term Noise Characterization of Narrowband Power Line Communications

Noise modeling in power line communications has recently drawn the attention of researchers. However, when characterizing the noise process in narrowband communications, previous works have only focused on small-scale phenomena involving fine-grained details. Nevertheless, the communication link's reliability is also affected by long-term noise phenomena that might affect transfer rates at higher layers as well. This paper addresses the problem of long-term noise characterization for narrowband power line communications and provides a statistical analysis of the long-term trends affecting the noise levels. We present a statistical description of the noise process in the time and frequency domains based on real field measurements in the FCC band (10 kHz - 490 kHz). The collected data comprises more than 1.8 billion samples taken from three different locations over a time period of approximately 10 days. The noise samples have been statistically analyzed by considering stationarity, autocorrelation, and independence. Although our results -- being unprecedented -- are interesting per se, they improve the noise pattern knowledge, thus paving the way for the design and implementation of more robust PLC protocols.

0 citations0 reviewsNo code linkedOpen access
preprint2021arXiv

Sound of Guns: Digital Forensics of Gun Audio Samples meets Artificial Intelligence

Classifying a weapon based on its muzzle blast is a challenging task that has significant applications in various security and military fields. Most of the existing works rely on ad-hoc deployment of spatially diverse microphone sensors to capture multiple replicas of the same gunshot, which enables accurate detection and identification of the acoustic source. However, carefully controlled setups are difficult to obtain in scenarios such as crime scene forensics, making the aforementioned techniques inapplicable and impractical. We introduce a novel technique that requires zero knowledge about the recording setup and is completely agnostic to the relative positions of both the microphone and shooter. Our solution can identify the category, caliber, and model of the gun, reaching over 90% accuracy on a dataset composed of 3655 samples that are extracted from YouTube videos. Our results demonstrate the effectiveness and efficiency of applying Convolutional Neural Network (CNN) in gunshot classification eliminating the need for an ad-hoc setup while significantly improving the classification performance.

0 citations0 reviewsNo code linkedOpen access
preprint2020arXiv

A Longitudinal Study on Web-sites Password Management (in)Security: Evidence and Remedies

Single-factor password-based authentication is generally the norm to access on-line Web-sites. While single-factor authentication is well known to be a weak form of authentication, a further concern arises when considering the possibility for an attacker to recover the user passwords by leveraging the loopholes in the password recovery mechanisms. Indeed, the adoption by a Web-site of a poor password management system makes useless even the most robust password chosen by the registered users. In this paper, building on the results of our previous work, we study the possible attacks to on-line password recovery systems analyzing the mechanisms implemented by some of the most popular Web-sites. In detail, we provide several contributions: (i) we revise and detail the attacker model; (ii) we provide an updated analysis with respect to a preliminary study we carried out in December 2017; (iii) we perform a brand new analysis of the current top 200 Alexa's Web-sites of five major EU countries; and, (iv) we propose \sol, a working open-source module that could be adopted by any Web-site to provide registered users with a password recovery mechanism to prevent mail service provider-level attacks. Overall, it is striking to notice how the analyzed Web-sites have made little (if any) effort to become compliant with the GDPR regulation, showing that the objective to have basic user protection mechanisms in place---despite the fines threatened by GDPR---is still far, mainly because of sub-standard security management practices. Finally, it is worth noting that while this study has been focused on EU registered Web-sites, the proposed solution has, instead, general applicability.

0 citations0 reviewsNo code linkedOpen access
preprint2020arXiv

BrokenStrokes: On the (in)Security of Wireless Keyboards

Wireless devices resorting to event-triggered communications have been proved to suffer critical privacy issues, due to the intrinsic leakage associated with radio-frequency (RF) emissions. In this paper, we move the attack frontier forward by proposing BrokenStrokes: an inexpensive, easy to implement, efficient, and effective attack able to detect the typing of a pre-defined keyword by only eavesdropping the communication channel used by the wireless keyboard. BrokenStrokes proves itself to be a particularly dreadful attack: it achieves its goal when the eavesdropping antenna is up to 15 meters from the target keyboard, regardless of the encryption scheme, the communication protocol, the presence of radio noise, and the presence of physical obstacles. While we detail the attack in three current scenarios and discuss its striking performance--its success probability exceeds 90% in normal operating conditions--, we also provide some suggestions on how to mitigate it. The data utilized in this paper have been released as open-source to allow practitioners, industries, and academia to verify our claims and use them as a basis for further developments.

0 citations0 reviewsNo code linkedOpen access
preprint2020arXiv

Cryptomining Makes Noise: a Machine Learning Approach for Cryptojacking Detection

A new cybersecurity attack,where an adversary illicitly runs crypto-mining software over the devices of unaware users, is emerging in both the literature and in the wild . This attack, known as cryptojacking, has proved to be very effective given the simplicity of running a crypto-client into a target device. Several countermeasures have recently been proposed, with different features and performance, but all characterized by a host-based architecture. This kind of solutions, designed to protect the individual user, are not suitable for efficiently protecting a corporate network, especially against insiders. In this paper, we propose a network-based approach to detect and identify crypto-clients activities by solely relying on the network traffic, even when encrypted. First, we provide a detailed analysis of the real network traces generated by three major cryptocurrencies, Bitcoin, Monero, and Bytecoin, considering both the normal traffic and the one shaped by a VPN. Then, we propose Crypto-Aegis, a Machine Learning (ML) based framework built over the results of our investigation, aimed at detecting cryptocurrencies related activities, e.g., pool mining, solo mining, and active full nodes. Our solution achieves a striking 0.96 of F1-score and 0.99 of AUC for the ROC, while enjoying a few other properties, such as device and infrastructure independence. Given the extent and novelty of the addressed threat we believe that our approach, supported by its excellent results, pave the way for further research in this area.

0 citations0 reviewsNo code linkedOpen access
preprint2020arXiv

Vessels Cybersecurity: Issues, Challenges, and the Road Ahead

Vessels cybersecurity is recently gaining momentum, as a result of a few recent attacks to vessels at sea. These recent attacks have shacked the maritime domain, which was thought to be relatively immune to cyber threats. The cited belief is now over, as proved by recent mandates issued by the International Maritime Organization (IMO). According to these regulations, all vessels should be the subject of a cybersecurity risk analysis, and technical controls should be adopted to mitigate the resulting risks. This initiative is laudable since, despite the recent incidents, the vulnerabilities and threats affecting modern vessels are still unclear to operating entities, leaving the potential for dreadful consequences of further attacks just a matter of "when", not "if". In this contribution, we investigate and systematize the major security weaknesses affecting systems and communication technologies adopted in modern vessels. Specifically, we describe the architecture and main features of the different systems, pointing out their main security issues, and specifying how they were exploited by attackers to cause service disruption and relevant financial losses. We also identify a few countermeasures to the introduced attacks. Finally, we highlight a few research challenges to be addressed by industry and academia to strengthen vessels security.

0 citations0 reviewsNo code linkedOpen access