Study of Security Issues in Pervasive Environment of Next Generation Internet of Things

Internet of Things is a novel concept that semantically implies a world-wide network of uniquely addressable interconnected smart objects. It is aimed at establishing any paradigm in computing. This environment is one where the boundary between virtual and physical world is eliminated. As the network gets loaded with hitherto unknown applications, security threats also become rampant. Current security solutions fail as new threats appear to de-struct the reliability of information. The network has to be transformed to IPv6 enabled network to address huge number of smart objects. Thus new addressing schemes come up with new attacks. Real time analysis of information from the heterogeneous smart objects needs use of cloud services. This can fall prey to cloud specific security threats. Therefore need arises for a review of security threats for a new area having huge demand. Here a study of security issues in this domain is briefly presented.Comment: 12 pages, CISIM 201

Blockchain in Energy Communities, A proof of concept

This report aims at exploring the use of the distributed ledger paradigm to incentive the participation of the citizen to a truly free, open and interoperable energy market, producing a feasibility study and a first demo testbed, taking also into consideration privacy, cybersecurity and big-data issues of the smart-home in the Energy market context. This study is intended to support point 4.1, 4.2 and 4.3 of the DSM (COM(2015)192) and point 2.2 of the Energy Union package (COM(2015)80.JRC.E.3-Cyber and Digital Citizens' Securit

Security in DevOps: understanding the most efficient way to integrate security in the agile software development process

Modern development methodologies follow a fast and dynamic pace, which gives great attention to customers’ satisfaction in the delivery of new releases. On the other hand, the work pursued to secure a system, if not adapted to the new development trend, can risk to slow down the delivery of new software and the adaptability typical for an Agile environment. Therefore, it is paramount to think about a new way to integrate security into the development framework, in order to secure the software in the best way without slowing down the pace of the developers. Moreover, the implementation of automatic and repeatable security controls inside the development pipeline can help to catch the presence of vulnerabilities as early as possible, thus reducing costs, comparing to solving the issues at later stages. The thesis presents a series of recommendations on how to best deploy a so called DevSecOps approach and applies the theory to the use case of Awake.AI, a Finnish startup company focusing its business on the maritime industry. It is not always easy and feasible to practically apply all the suggestions presented in the literature to a real case scenario, but rather the recommendations need to be adapted and forged in a way that best suits the situation and the current target. It is undeniable that the presence of a strong and efficient secure development framework can give substantial advantage to the success of a company. In fact, not only it makes sure that the delivery of good quality code to the customers is not slowed down, but it also dramatically reduces the risk of incurring in expensive security incidents. Lastly, it is valuable to also mention that, being able to show a clean and efficient approach to security, the framework improves the reputation and trustfulness of the company under the eyes of the customers

Software Attestation with Static and Dynamic Techniques

L'abstract è presente nell'allegato / the abstract is in the attachmen

Persistent Homology Tools for Image Analysis

Topological Data Analysis (TDA) is a new field of mathematics emerged rapidly since the first decade of the century from various works of algebraic topology and geometry. The goal of TDA and its main tool of persistent homology (PH) is to provide topological insight into complex and high dimensional datasets. We take this premise onboard to get more topological insight from digital image analysis and quantify tiny low-level distortion that are undetectable except possibly by highly trained persons. Such image distortion could be caused intentionally (e.g. by morphing and steganography) or naturally in abnormal human tissue/organ scan images as a result of onset of cancer or other diseases. The main objective of this thesis is to design new image analysis tools based on persistent homological invariants representing simplicial complexes on sets of pixel landmarks over a sequence of distance resolutions. We first start by proposing innovative automatic techniques to select image pixel landmarks to build a variety of simplicial topologies from a single image. Effectiveness of each image landmark selection demonstrated by testing on different image tampering problems such as morphed face detection, steganalysis and breast tumour detection. Vietoris-Rips simplicial complexes constructed based on the image landmarks at an increasing distance threshold and topological (homological) features computed at each threshold and summarized in a form known as persistent barcodes. We vectorise the space of persistent barcodes using a technique known as persistent binning where we demonstrated the strength of it for various image analysis purposes. Different machine learning approaches are adopted to develop automatic detection of tiny texture distortion in many image analysis applications. Homological invariants used in this thesis are the 0 and 1 dimensional Betti numbers. We developed an innovative approach to design persistent homology (PH) based algorithms for automatic detection of the above described types of image distortion. In particular, we developed the first PH-detector of morphing attacks on passport face biometric images. We shall demonstrate significant accuracy of 2 such morph detection algorithms with 4 types of automatically extracted image landmarks: Local Binary patterns (LBP), 8-neighbour super-pixels (8NSP), Radial-LBP (R-LBP) and centre-symmetric LBP (CS-LBP). Using any of these techniques yields several persistent barcodes that summarise persistent topological features that help gaining insights into complex hidden structures not amenable by other image analysis methods. We shall also demonstrate significant success of a similarly developed PH-based universal steganalysis tool capable for the detection of secret messages hidden inside digital images. We also argue through a pilot study that building PH records from digital images can differentiate breast malignant tumours from benign tumours using digital mammographic images. The research presented in this thesis creates new opportunities to build real applications based on TDA and demonstrate many research challenges in a variety of image processing/analysis tasks. For example, we describe a TDA-based exemplar image inpainting technique (TEBI), superior to existing exemplar algorithm, for the reconstruction of missing image regions

A wireless method for monitoring medication compliance

There are many devices on the market to help remind patients to take their pills, but most require observation by a caregiver to assure medication compliance. This project demonstrates three modes to detect pill removal from a pillbox: a switch under the pills, a reflective type photointerrupter and a transmissive electric eye photosensor. Each mode exhibited blind spots or other failures to detect pill presence, but by combining modes with complementary characteristics, the accuracy of pill detection is greatly increased. Two methods of caregiver notification are demonstrated: text messages transmitted via an attached cellular phone, or the status is collected by a PC which provides an audit trail and daily notification if no pills were taken

The future of Cybersecurity in Italy: Strategic focus area

This volume has been created as a continuation of the previous one, with the aim of outlining a set of focus areas and actions that the Italian Nation research community considers essential. The book touches many aspects of cyber security, ranging from the definition of the infrastructure and controls needed to organize cyberdefence to the actions and technologies to be developed to be better protected, from the identification of the main technologies to be defended to the proposal of a set of horizontal actions for training, awareness raising, and risk management