10 research outputs found

    Security assessment of IoT devices: The case of two smart TVs

    Being increasingly complex devices, smart TVs are becoming more capable and have the potential to receive, store, process and transmit considerable amounts of personal data. These capabilities also represent several diverse attack surfaces potentially rendering these devices highly vulnerable. The emergence and high adoption rate of smart TVs have been drawing notable interest from security researchers and industry. We utilise an attack surface area-based approach to assess the security of two modern smart TVs from different vendors and describe some of the possible multi-surface attacks that can be carried out against these devices.

    Home network security

    Novel Attacks and Defenses for Enterprise Internet-of-Things (E-IoT) Systems

    This doctoral dissertation expands upon the field of Enterprise Internet-of-Things (E-IoT) systems, one of the most ubiquitous and under-researched fields of smart systems. E-IoT systems are specialty smart systems designed for sophisticated automation applications (e.g., multimedia control, security, lighting control). E-IoT systems are often closed source, costly, require certified installers, and are more robust for their specific applications. This dissertation begins with an analysis of the current E-IoT threat landscape and introduces three novel attacks and defenses for under-studied software and protocols heavily linked to E-IoT systems. For each layer, we review the literature for the threats, attacks, and countermeasures. Based on the systematic knowledge we obtain from the literature review, we propose three novel attacks and countermeasures to protect E-IoT systems. In the first attack, we present PoisonIvy, several attacks developed to show that malicious E-IoT drivers can be used to compromise E-IoT. In response to PoisonIvy threats, we describe Ivycide, a machine-learning network-based solution designed to defend E-IoT systems against E-IoT driver threats. As multimedia control is a significant application of E-IoT, we introduce HDMI-Walk, a novel attack vector designed to demonstrate that HDMI's Consumer Electronics Control (CEC) protocol can be used to compromise multiple devices through a single connection. To defend devices from this threat, we introduce HDMI-Watch, a standalone intrusion detection system (IDS) designed to defend HDMI-enabled devices from HDMI-Walk-style attacks. Finally, this dissertation evaluates the security of E-IoT proprietary protocols with LightningStrike, a series of attacks used to demonstrate that popular E-IoT proprietary communication protocols are insecure. To address LightningStrike threats, we introduce LGuard, a complete defense framework designed to defend E-IoT systems from LightningStrike-style attacks using computer vision, traffic obfuscation, and traffic analysis techniques. For each contribution, all of the defense mechanisms proposed are implemented without any modification to the underlying hardware or software. All attacks and defenses in this dissertation were performed with implementations on widely-used E-IoT devices and systems. We believe that the research presented in this dissertation has notable implications on the security of E-IoT systems by exposing novel threat vectors, raising awareness, and motivating future E-IoT system security research.

    Untangling the Web: A Guide To Internet Research

    [Excerpt] Untangling the Web for 2007 is the twelfth edition of a book that started as a small handout. After more than a decade of researching, reading about, using, and trying to understand the Internet, I have come to accept that it is indeed a Sisyphean task. Sometimes I feel that all I can do is to push the rock up to the top of that virtual hill, then stand back and watch as it rolls down again. The Internet—in all its glory of information and misinformation—is for all practical purposes limitless, which of course means we can never know it all, see it all, understand it all, or even imagine all it is and will be. The more we know about the Internet, the more acute is our awareness of what we do not know. The Internet emphasizes the depth of our ignorance because our knowledge can only be finite, while our ignorance must necessarily be infinite. My hope is that Untangling the Web will add to our knowledge of the Internet and the world while recognizing that the rock will always roll back down the hill at the end of the day

    Digitale Schwellen: Freiheit und Privatheit in der digitalisierten Welt (Digital Thresholds: Freedom and Privacy in the Digitalized World)

    A world of digital technologies in the broadest sense is fundamentally changing communication relationships, people's social relationships with one another, and thereby also people's social circumstances within society. We are quite obviously only at the threshold of understanding this complex revolution, which is changing all areas of life. The technical possibilities, which can indeed also make our lives easier, more beautiful and smarter, are being expanded at great speed; ever new thresholds of what is feasible and conceivable are constantly being crossed. Editorial deadline: April 201

    Storia delle telecomunicazioni

    Focusing on the history of scientific and technological development over recent centuries, the book is dedicated to the history of telecommunications, where Italy has always been in the vanguard, and is presented by many of the protagonists of the last half century. The book is divided into five sections. The first, dealing with the origins, starts from the scientific bases of the evolution of telecommunications in the nineteenth century (Bucci), addressing the developments of scientific thought that led to the revolution of the theory of fields (Morando), analysing the birth of the three fundamental forms of communication – telegraph (Maggi), telephone (Del Re) and radio (Falciasecca) – and ending with the contribution made by the Italian Navy to the development of telecommunications (Carulli, Pelosi, Selleri, Tiberio). The second section, on technical and scientific developments, presents the numerical processing of signals (Rocca), illustrating the genesis and metamorphosis of transmission (Pupolin, Benedetto, Mengali, Someda, Vannucchi), network packets (Marsan, Guadagni, Lenzini), photonics in telecommunications (Prati) and addresses the issue of research within the institutions (Fedi-Morello), dwelling in particular on the CSELT (Mossotto). The next section deals with the sectors of application, offering an overview of radio, television and the birth of digital cinema (Vannucchi, Visintin), military communications (Maestrini, Costamagna), the development of radar (Galati) and spatial telecommunications (Tartara, Marconicchio). Section four, on the organisation of the services and the role of industry, outlines the rise and fall of the telecommunications industries in Italy (Randi), dealing with the telecommunications infrastructures (Caroppo, Gamerro), the role of the providers in national communications (Gerarduzzi), the networks and the mobile and wireless services (Falciasecca, Ongaro) and finally taking a look towards the future from the perspective of the last fifty years (Vannucchi). The last section, dealing with training and dissemination, offers an array of food for thought: university training in telecommunications, with focus on the evolution of legislation and on the professional profiles (Roveri), social and cultural aspects (Longo and Crespellani) as well as a glance over the most important museums, collections and documentary sources for telecommunications in Italy (Lucci, Savini, Temporelli, Valotti). The book is designed to offer a compendium comprising different analytical approaches, and aims to foster an interest in technology in the new generations, in the hope of stimulating potentially innovative research.