Security in Computer and Information Sciences

This open access book constitutes the thoroughly refereed proceedings of the Second International Symposium on Computer and Information Sciences, EuroCybersec 2021, held in Nice, France, in October 2021. The 9 papers presented together with 1 invited paper were carefully reviewed and selected from 21 submissions. The papers focus on topics of security of distributed interconnected systems, software systems, Internet of Things, health informatics systems, energy systems, digital cities, digital economy, mobile networks, and the underlying physical and network infrastructures. This is an open access book

Performance analysis of mobile networks under signalling storms

There are numerous security challenges in cellular mobile networks, many of which originate from the Internet world. One of these challenges is to answer the problem with increasing rate of signalling messages produced by smart devices. In particular, many services in the Internet are provided through mobile applications in an unobstructed manner, such that users get an always connected feeling. These services, which usually come from instant messaging, advertising and social networking areas, impose significant signalling loads on mobile networks by frequent exchange of control data in the background. Such services and applications could be built intentionally or unintentionally, and result in denial of service attacks known as signalling attacks or storms. Negative consequences, among others, include degradations of mobile network’s services, partial or complete net- work failures, increased battery consumption for infected mobile terminals. This thesis examines the influence of signalling storms on different mobile technologies, and proposes defensive mechanisms. More specifically, using stochastic modelling techniques, this thesis first presents a model of the vulnerability in a single 3G UMTS mobile terminal, and studies the influence of the system’s internal parameters on stability under a signalling storm. Further on, it presents a queueing network model of the radio access part of 3G UMTS and examines the effect of the radio resource control (RRC) inactivity timers. In presence of an attack, the proposed dynamic setting of the timers manage to lower the signalling load in the network and to increase the threshold above which a network failure could happen. Further on, the network model is upgraded into a more generic and detailed model, represent different generations of mobile technologies. It is than used to compare technologies with dedicated and shared organisation of resource allocation, referred to as traditional and contemporary networks, using performance metrics such as: signalling and communication delay, blocking probability, signalling load on the network’s nodes, bandwidth holding time, etc. Finally, based on the carried analysis, two mechanisms are proposed for detection of storms in real time, based on counting of same-type bandwidth allocations, and usage of allocated bandwidth. The mechanisms are evaluated using discrete event simulation in 3G UMTS, and experiments are done combining the detectors with a simple attack mitigation approach.Open Acces

Phase Combination and its Application to the Solution of Macromolecular Structures: Developing ALIXE and SHREDDER

[eng] Phasing X-ray data within the frame of the ARCIMBOLDO programs requires very accurate models and a sophisticated evaluation of the possible hypotheses. ARCIMBOLDO uses small fragments, that are placed with the maximum likelihood molecular replacement program Phaser, and are subject to density modification and autotracing with the program SHELXE. The software receives its name from the Italian painter Giuseppe Arcimboldo, who used to compose portraits out of common objects such as vegetables or flowers. Out of most possible arrangements of such objects, only a still-life will result, and just a few ones will truly produce a portrait. In a similar way, from all possible placements with small protein fragments, only a few will be correct and will allow to get the full “protein’s portrait”. The work presented in this thesis has explored new ways to exploit partial information and increase the signal in the process of phasing with fragments. This has been achieved through two main pieces of software, ALIXE and SHREDDER. With the spherical mode in ARCIMBOLDO_SHREDDER, the aim is to derive compact fragments starting from a distant homolog to our unknown protein of interest. Then, locations for these fragments are searched with Phaser. These include strategies for refining the fragments against the experimental data and giving them more degrees of freedom. With ALIXE, the aim is to combine information in reciprocal space from partial solutions, such as the ones produced by SHREDDER, and use the coherence between them to guide their merging and to increase the information content, so that the step of density modification and autotracing starts from a more complete solution. Even if partial solutions contain both correct and incorrect information, the combination of solutions that share some similarity will allow to get a better approximation to the correct structure. Both ARCIMBOLDO_SHREDDER and ALIXE have been used on test data for development and optimisation but also on datasets from previously unknown structures, which have been solved thanks to these programs. These programs are distributed through the website of the group but also through software suites of general use in the crystallographic community such as CCP4 and SBGrid

Smart Sensing Technologies for Personalised Coaching

People living in both developed and developing countries face serious health challenges related to sedentary lifestyles. It is therefore essential to find new ways to improve health so that people can live longer and can age well. With an ever-growing number of smart sensing systems developed and deployed across the globe, experts are primed to help coach people toward healthier behaviors. The increasing accountability associated with app- and device-based behavior tracking not only provides timely and personalized information and support but also gives us an incentive to set goals and to do more. This book presents some of the recent efforts made towards automatic and autonomous identification and coaching of troublesome behaviors to procure lasting, beneficial behavioral changes

Usability in digitalen Kooperationsnetzwerken. Nutzertests und Logfile-Analyse als kombinierte Methode

Usability is a key factor when developing new applications. The interaction between the users and the application should be efficient, effective and engaging. Furthermore, a good usability includes a high error tolerance and an good learnability. Different methods allow the measurement of usability throughout the development (process). All methods have in common that the different employed steps like planning, conducting and evaluating are rather time-consuming. When end-users are included as subjects, usability tests are employed. Due to the high time-effort, usually ten or less tests are conducted. The thesis tries to solve this point by trying to combine usability tests and logfile analysis. The empirical work is two-folded. First, usability tests within a learning management system (LMS) are logged in the background. These logfiles are assigned to severe usability problems. Second, the paths of the severe usability problems are combined with logfile data from a real-world LMS that runs the same application. The real-world logfiles contain a period of about 300 days with 133 active users. Prior to the combination, both data sets converted into a similar format. Being a new procedure, the definite similarity value had to be specified by descriptive statistics and visual inspections. The final combination makes it possible to determine the severity of usability problems on the basis of real-world usage data. The proposed method offers a more precise overview of the occurrence of the found usability problems, independent of the test situation. This thesis provides additional value to the fields of (Web) Data Mining, Usability and Human-Computer Interaction (HCI). It also offers additional knowledge to the field of software development, quantitative and quantitative research as well as computer-supported cooperative work (CSCW) and learning management systems (LMS)

Security Risk Management for the Internet of Things

In recent years, the rising complexity of Internet of Things (IoT) systems has increased their potential vulnerabilities and introduced new cybersecurity challenges. In this context, state of the art methods and technologies for security risk assessment have prominent limitations when it comes to large scale, cyber-physical and interconnected IoT systems. Risk assessments for modern IoT systems must be frequent, dynamic and driven by knowledge about both cyber and physical assets. Furthermore, they should be more proactive, more automated, and able to leverage information shared across IoT value chains. This book introduces a set of novel risk assessment techniques and their role in the IoT Security risk management process. Specifically, it presents architectures and platforms for end-to-end security, including their implementation based on the edge/fog computing paradigm. It also highlights machine learning techniques that boost the automation and proactiveness of IoT security risk assessments. Furthermore, blockchain solutions for open and transparent sharing of IoT security information across the supply chain are introduced. Frameworks for privacy awareness, along with technical measures that enable privacy risk assessment and boost GDPR compliance are also presented. Likewise, the book illustrates novel solutions for security certification of IoT systems, along with techniques for IoT security interoperability. In the coming years, IoT security will be a challenging, yet very exciting journey for IoT stakeholders, including security experts, consultants, security research organizations and IoT solution providers. The book provides knowledge and insights about where we stand on this journey. It also attempts to develop a vision for the future and to help readers start their IoT Security efforts on the right foot

Graphs behind data: A network-based approach to model different scenarios

openAl giorno d’oggi, i contesti che possono beneficiare di tecniche di estrazione della conoscenza a partire dai dati grezzi sono aumentati drasticamente. Di conseguenza, la definizione di modelli capaci di rappresentare e gestire dati altamente eterogenei è un argomento di ricerca molto dibattuto in letteratura. In questa tesi, proponiamo una soluzione per affrontare tale problema. In particolare, riteniamo che la teoria dei grafi, e più nello specifico le reti complesse, insieme ai suoi concetti ed approcci, possano rappresentare una valida soluzione. Infatti, noi crediamo che le reti complesse possano costituire un modello unico ed unificante per rappresentare e gestire dati altamente eterogenei. Sulla base di questa premessa, mostriamo come gli stessi concetti ed approcci abbiano la potenzialità di affrontare con successo molti problemi aperti in diversi contesti. ​Nowadays, the amount and variety of scenarios that can benefit from techniques for extracting and managing knowledge from raw data have dramatically increased. As a result, the search for models capable of ensuring the representation and management of highly heterogeneous data is a hot topic in the data science literature. In this thesis, we aim to propose a solution to address this issue. In particular, we believe that graphs, and more specifically complex networks, as well as the concepts and approaches associated with them, can represent a solution to the problem mentioned above. In fact, we believe that they can be a unique and unifying model to uniformly represent and handle extremely heterogeneous data. Based on this premise, we show how the same concepts and/or approach has the potential to address different open issues in different contexts. ​INGEGNERIA DELL'INFORMAZIONEopenVirgili, Luc