57 research outputs found

    Trusted GNSS-Based Time Synchronization for Industry 4.0 Applications

    The protection of satellite-derived timing information is becoming a fundamental requirement in Industry 4.0 applications, as well as in a growing number of critical infrastructures. All the industrial systems where several nodes or devices communicate and/or coordinate their functionalities by means of a communication network need accurate, reliable and trusted time synchronization. For instance, the correct operation of automation and control systems, measurement and automatic test systems, power generation, transmission, and distribution typically require a sub-microsecond time accuracy. This paper analyses the main attack vectors and stresses the need for software integrity control at network nodes of Industry 4.0 applications to complement existing security solutions that focus on Global Navigation Satellite System (GNSS) radio-frequency spectrum and Precision Time Protocol (PTP), also known as IEEE-1588. A real implementation of a Software Integrity Architecture in accordance with Trusted Computing principles concludes the work, together with the presentation of promising results obtained with a flexible and reconfigurable testbed for hands-on activities.

    Combining Decentralized IDentifiers with Proof of Membership to Enable Trust in IoT Networks

    The Self-Sovereign Identity (SSI) is a decentralized paradigm enabling full control over the data used to build and prove the identity. In Internet of Things networks with security requirements, the Self-Sovereign Identity can play a key role and bring benefits with respect to centralized identity solutions. The challenge is to make the SSI compatible with resource-constrained IoT networks. In line with this objective, the paper proposes and discusses an alternative (mutual) authentication process for IoT nodes under the same administration domain. The main idea is to combine the Decentralized IDentifier (DID)-based verification of private key ownership with the verification of a proof that the DID belongs to an evolving trusted set. The solution is built around the proof of membership notion. The paper analyzes two membership solutions, a novel solution designed by the Authors based on Merkle trees and a second one based on the adaptation of Boneh, Boyen and Shacham (BBS) group signature scheme. The paper concludes with a performance estimation and a comparative analysis.

    Supporting Triple-Play Communications with TDuCSMA and First Experiments

    This work addresses the implications of using the Time-Division Unbalanced Carrier Sense Multiple Access (TDuCSMA) coordination function to support triple-play services. Firstly, the theoretical background of TDuCSMA is reported, presenting its advantages and discussing its full compliance with the IEEE 802.11 standard. Secondly, a prototype of TDuCSMA is discussed in detail. Then, a set of experiments with the prototype implementation of TDuCSMA is presented, showing for the first time the advantages of TDuCSMA in a realistic setting with audio, video and elastic data applications. Experimental results show the superiority of TDuCSMA over the legacy 802.11 Medium Access Control (MAC) in terms of both channel utilization and Quality of Experience (QoE) as measured at the application level.

    Integrity Verification of Distributed Nodes in Critical Infrastructures

    The accuracy and reliability of time synchronization and distribution are essential requirements for many critical infrastructures, including telecommunication networks, where 5G technologies place increasingly stringent conditions in terms of maintaining highly accurate time. A lack of synchronization between the clocks causes a malfunction of the 5G network, preventing it from providing a high quality of service; this makes the time distribution network a very viable target for attacks. Various solutions have been analyzed to mitigate attacks on the Global Navigation Satellite System (GNSS) radio-frequency spectrum and the Precision Time Protocol (PTP) used for time distribution over the network. This paper highlights the significance of monitoring the integrity of the software and configurations of the infrastructural nodes of a time distribution network. Moreover, this work proposes an attestation scheme, based on the Trusted Computing principles, capable of detecting both software violations on the nodes and hardware attacks aimed at tampering with the configuration of the GNSS receivers. The proposed solution has been implemented and validated on a testbed representing a typical synchronization distribution network. The results, simulating various types of adversaries, emphasize the effectiveness of the proposed approach in a wide range of typical attacks and the certain limitations that need to be addressed to enhance the security of the current GNSS receivers.

    Visceral adiposity index and DHEAS are useful markers of diabetes risk in women with polycystic ovary syndrome

    Objective: On the basis of the known diabetes risk in polycystic ovary syndrome (PCOS), recent guidelines of the Endocrine Society recommend the use of an oral glucose tolerance test (OGTT) to screen for impaired glucose tolerance (IGT) and type 2 diabetes (T2DM) in all women with PCOS. However, given the high prevalence of PCOS, OGTT would have a high cost-benefit ratio. In this study, we identified, through a receiver operating characteristic analysis, simple predictive markers of the composite endpoint (impaired fasting glucose (IFG) or IGT or IFG+IGT or T2DM) in women with PCOS according to the Rotterdam criteria. Design: We conducted a cross-sectional study of 241 women with PCOS in a university hospital setting. Methods: Clinical, anthropometric, and metabolic (including OGTT) parameters were evaluated. The homeostasis model assessment of insulin resistance (HOMA2-IR), the Matsuda index of insulin sensitivity, and the oral dispositional index and visceral adiposity index (VAI) were determined. Results: Out of 241 women included in this study, 28 (11.6%) had an IFG, 13 (5.4%) had IGT, four (1.7%) had IFG+IGT, and four (1.7%) had T2DM. Among the anthropometric variables examined, the VAI had a significantly higher C-statistic compared with BMI (0.760 (95% CI: 0.70-0.81) vs 0.613 (95% CI: 0.54-0.67); P=0.014) and waist circumference (0.760 (95% CI: 0.70-0.81) vs 0.619 (95% CI: 0.55-0.68); P=0.028). Among all the hormonal and metabolic serum variables examined, DHEAS showed the highest C-statistic (0.720 (95% CI: 0.65-0.77); P<0.001). Conclusions: In addition to fasting glucose, the VAI and DHEAS may be considered useful tools for prescreening in all women with PCOS without the classical risk factors for diabetes.

    Toward a Post-Quantum Zero-Knowledge Verifiable Credential System for Self-Sovereign Identity

    The advent of quantum computers brought a large interest in post-quantum cryptography and in the migration to quantum-resistant systems. Protocols for Self-Sovereign Identity (SSI) are among the fundamental scenarios touched by this need. The core concept of SSI is to move the control of digital identity from third-party identity providers directly to individuals. This is achieved through Verifiable Credentials (VCs) supporting anonymity and selective disclosure. In turn, the implementation of VCs requires cryptographic signature schemes compatible with a proper Zero-Knowledge Proof (ZKP) framework. We describe the two main ZKP VCs schemes based on classical cryptographic assumptions, that is, the signature scheme with efficient protocols of Camenisch and Lysyanskaya, which is based on the strong RSA assumption, and the BBS+ scheme of Boneh, Boyen and Shacham, which is based on the strong Diffie-Hellman assumption. Since these schemes are not quantum-resistant, we select as one of the possible post-quantum alternatives a lattice-based scheme proposed by Jeudy, Roux-Langlois, and Sander, and we try to identify the open problems for achieving VCs suitable for selective disclosure, non-interactive renewal mechanisms, and efficient revocation.

    Satellite-derived Time for Enhanced Telecom Networks Synchronization: the ROOT Project

    Satellite-derived timing information plays a determinant role in the provisioning of an absolute time reference to telecommunications networks, as well as in a growing set of other critical infrastructures. In light of the stringent requirements in terms of time, frequency, and phase synchronization foreseen in upcoming access network architectures (i.e., 5G), Global Navigation Satellite System (GNSS) receivers are expected to ensure enhanced accuracy and reliability not only in positioning but also in timing. High-end GNSS timing receivers combined with terrestrial cesium clocks and specific transport protocols can indeed satisfy such synchronization requirements by granting sub-nanosecond accuracy. As a drawback, the network infrastructure can be exposed to accidental interferences and intentional cyber-attacks. Within this framework, the ROOT project investigates the effectiveness and robustness of innovative countermeasures to GNSS and cybersecurity threats within a reference network architecture.