Authentication and Integrity Protection at Data and Physical layer for Critical Infrastructures

This thesis examines the authentication and the data integrity services in two prominent emerging contexts such as Global Navigation Satellite Systems (GNSS) and the Internet of Things (IoT), analyzing various techniques proposed in the literature and proposing novel methods. GNSS, among which Global Positioning System (GPS) is the most widely used, provide affordable access to accurate positioning and timing with global coverage. There are several motivations to attack GNSS: from personal privacy reasons, to disrupting critical infrastructures for terrorist purposes. The generation and transmission of spoofing signals either for research purpose or for actually mounting attacks has become easier in recent years with the increase of the computational power and with the availability on the market of Software Defined Radios (SDRs), general purpose radio devices that can be programmed to both receive and transmit RF signals. In this thesis a security analysis of the main currently proposed data and signal level authentication mechanisms for GNSS is performed. A novel GNSS data level authentication scheme, SigAm, that combines the security of asymmetric cryptographic primitives with the performance of hash functions or symmetric key cryptographic primitives is proposed. Moreover, a generalization of GNSS signal layer security code estimation attacks and defenses is provided, improving their performance, and an autonomous anti-spoofing technique that exploits semi-codeless tracking techniques is introduced. Finally, physical layer authentication techniques for IoT are discussed, providing a trade-off between the performance of the authentication protocol and energy expenditure of the authentication process

Secure Communications in Next Generation Digital Aeronautical Datalinks

As of 2022, Air Traffic Management (ATM) is gradually digitizing to automate and secure data transmission in civil aviation. New digital data links like the L-band Digital Aeronautical Communications System (LDACS) are being introduced for this purpose. LDACS is a cellular, ground-based digital communications system for flight guidance and safety. Unfortunately, LDACS and many other datalinks in civil aviation lack link layer security measures. This doctoral thesis proposes a cybersecurity architecture for LDACS, developing various security measures to protect user and control data. These include two new authentication and key establishment protocols, along with a novel approach to secure control data of resource-constrained wireless communication systems. Evaluations demonstrate a latency increase of 570 to 620 milliseconds when securely attaching an aircraft to an LDACS cell, along with a 5% to 10% security data overhead. Also, flight trials confirm that Ground-based Augmentation System (GBAS) can be securely transmitted via LDACS with over 99% availability. These security solutions enable future aeronautical applications like 4D-Trajectories, paving the way for a digitized and automated future of civil aviation

SpreadMeNot: A Provably Secure and Privacy-Preserving Contact Tracing Protocol

A plethora of contact tracing apps have been developed and deployed in several countries around the world in the battle against Covid-19. However, people are rightfully concerned about the security and privacy risks of such applications. To this end, the contribution of this work is twofold. First, we present an in-depth analysis of the security and privacy characteristics of the most prominent contact tracing protocols, under both passive and active adversaries. The results of our study indicate that all protocols are vulnerable to a variety of attacks, mainly due to the deterministic nature of the underlying cryptographic protocols. Our second contribution is the design and implementation of SpreadMeNot, a novel contact tracing protocol that can defend against most passive and active attacks, thus providing strong (provable) security and privacy guarantees that are necessary for such a sensitive application. Our detailed analysis, both formal and experimental, shows that SpreadMeNot satisfies security, privacy, and performance requirements, hence being an ideal candidate for building a contact tracing solution that can be adopted by the majority of the general public, as well as to serve as an open-source reference for further developments in the field

Law and Policy for the Quantum Age

Law and Policy for the Quantum Age is for readers interested in the political and business strategies underlying quantum sensing, computing, and communication. This work explains how these quantum technologies work, future national defense and legal landscapes for nations interested in strategic advantage, and paths to profit for companies