Centralized and Distributed Sparsification for Low-Complexity Message Passing Algorithm in C-RAN Architectures

Cloud radio access network (C-RAN) is a promising technology for fifth-generation (5G) cellular systems. However the burden imposed by the huge amount of data to be collected (in the uplink) from the radio remote heads (RRHs) and processed at the base band unit (BBU) poses serious challenges. In order to reduce the computation effort of minimum mean square error (MMSE) receiver at the BBU the Gaussian message passing (MP) together with a suitable sparsification of the channel matrix can be used. In this paper we propose two sets of solutions, either centralized or distributed ones. In the centralized solutions, we propose different approaches to sparsify the channel matrix, in order to reduce the complexity of MP. However these approaches still require that all signals reaching the RRH are conveyed to the BBU, therefore the communication requirements among the backbone network devices are unaltered. In the decentralized solutions instead we aim at reducing both the complexity of MP at the BBU and the requirements on the RRHs-BBU communication links by pre-processing the signals at the RRH and convey a reduced set of signals to the BBU.Comment: Accepted for pubblication in IEEE VTC 201

Machine Learning For In-Region Location Verification In Wireless Networks

In-region location verification (IRLV) aims at verifying whether a user is inside a region of interest (ROI). In wireless networks, IRLV can exploit the features of the channel between the user and a set of trusted access points. In practice, the channel feature statistics is not available and we resort to machine learning (ML) solutions for IRLV. We first show that solutions based on either neural networks (NNs) or support vector machines (SVMs) and typical loss functions are Neyman-Pearson (N-P)-optimal at learning convergence for sufficiently complex learning machines and large training datasets . Indeed, for finite training, ML solutions are more accurate than the N-P test based on estimated channel statistics. Then, as estimating channel features outside the ROI may be difficult, we consider one-class classifiers, namely auto-encoders NNs and one-class SVMs, which however are not equivalent to the generalized likelihood ratio test (GLRT), typically replacing the N-P test in the one-class problem. Numerical results support the results in realistic wireless networks, with channel models including path-loss, shadowing, and fading

Location-Verification and Network Planning via Machine Learning Approaches

In-region location verification (IRLV) in wireless networks is the problem of deciding if user equipment (UE) is transmitting from inside or outside a specific physical region (e.g., a safe room). The decision process exploits the features of the channel between the UE and a set of network access points (APs). We propose a solution based on machine learning (ML) implemented by a neural network (NN) trained with the channel features (in particular, noisy attenuation values) collected by the APs for various positions both inside and outside the specific region. The output is a decision on the UE position (inside or outside the region). By seeing IRLV as an hypothesis testing problem, we address the optimal positioning of the APs for minimizing either the area under the curve (AUC) of the receiver operating characteristic (ROC) or the cross entropy (CE) between the NN output and ground truth (available during the training). In order to solve the minimization problem we propose a twostage particle swarm optimization (PSO) algorithm. We show that for a long training and a NN with enough neurons the proposed solution achieves the performance of the Neyman-Pearson (N-P) lemma.Comment: Accepted for Workshop on Machine Learning for Communications, June 07 2019, Avignon, Franc

Hyperloop: A Cybersecurity Perspective

Hyperloop is among the most prominent future transportation systems. First introduced by Elon Musk, Hyperloop concept involves novel technologies to allow traveling at a maximum speed of 1220km/h, while guaranteeing sustainability. Due to the system's performance requirements and the critical infrastructure it represents, its safety and security need to be carefully considered. In cyber-physical systems, cyberattacks could lead to safety issues with catastrophic consequences, both on the population and the surrounding environment. Therefore, the cybersecurity of all the components and links in Hyperloop represents a fundamental challenge. To this day, no research investigated the cyber security of the technology used for Hyperloop. In this paper, we propose the first analysis of the cybersecurity challenges raised by Hyperloop technology. We base our analysis on the related works on Hyperloop, distilling the common features which will be likely to be present in the system. Furthermore, we provide an analysis of possible directions on the Hyperloop infrastructure management, together with their security concerns. Finally, we discuss possible countermeasures and future directions for the security of the future Hyperloop design.Comment: 9 pages, 4 figures, 1 tabl

EVScout2.0: Electric Vehicle Profiling Through Charging Profile

EVs (Electric Vehicles) represent a green alternative to traditional fuel-powered vehicles. To enforce their widespread use, both the technical development and the security of users shall be guaranteed. Privacy of users represents one of the possible threats impairing EVs adoption. In particular, recent works showed the feasibility of identifying EVs based on the current exchanged during the charging phase. In fact, while the resource negotiation phase runs over secure communication protocols, the signal exchanged during the actual charging contains features peculiar to each EV. A suitable feature extractor can hence associate such features to each EV, in what is commonly known as profiling. In this paper, we propose EVScout2.0, an extended and improved version of our previously proposed framework to profile EVs based on their charging behavior. By exploiting the current and pilot signals exchanged during the charging phase, our scheme is able to extract features peculiar for each EV, allowing hence for their profiling. We implemented and tested EVScout2.0 over a set of real-world measurements considering over 7500 charging sessions from a total of 137 EVs. In particular, numerical results show the superiority of EVScout2.0 with respect to the previous version. EVScout2.0 can profile EVs, attaining a maximum of 0.88 recall and 0.88 precision. To the best of the authors' knowledge, these results set a new benchmark for upcoming privacy research for large datasets of EVs

QEVSEC: Quick Electric Vehicle SEcure Charging via Dynamic Wireless Power Transfer

Dynamic Wireless Power Transfer (DWPT) can be used for on-demand recharging of Electric Vehicles (EV) while driving. However, DWPT raises numerous security and privacy concerns. Recently, researchers demonstrated that DWPT systems are vulnerable to adversarial attacks. In an EV charging scenario, an attacker can prevent the authorized customer from charging, obtain a free charge by billing a victim user and track a target vehicle. State-of-the-art authentication schemes relying on centralized solutions are either vulnerable to various attacks or have high computational complexity, making them unsuitable for a dynamic scenario. In this paper, we propose Quick Electric Vehicle SEcure Charging (QEVSEC), a novel, secure, and efficient authentication protocol for the dynamic charging of EVs. Our idea for QEVSEC originates from multiple vulnerabilities we found in the state-of-the-art protocol that allows tracking of user activity and is susceptible to replay attacks. Based on these observations, the proposed protocol solves these issues and achieves lower computational complexity by using only primitive cryptographic operations in a very short message exchange. QEVSEC provides scalability and a reduced cost in each iteration, thus lowering the impact on the power needed from the grid.Comment: 6 pages, conferenc

LoVe is in the Air -- Location Verification of ADS-B Signals using Distributed Public Sensors

The Automatic Dependant Surveillance-Broadcast (ADS-B) message scheme was designed without any authentication or encryption of messages in place. It is therefore easily possible to attack it, e.g., by injecting spoofed messages or modifying the transmitted Global Navigation Satellite System (GNSS) coordinates. In order to verify the integrity of the received information, various methods have been suggested, such as multilateration, the use of Kalman filters, group certification, and many others. However, solutions based on modifications of the standard may be difficult and too slow to be implemented due to legal and regulatory issues. A vantage far less explored is the location verification using public sensor data. In this paper, we propose LoVe, a lightweight message verification approach that uses a geospatial indexing scheme to evaluate the trustworthiness of publicly deployed sensors and the ADS-B messages they receive. With LoVe, new messages can be evaluated with respect to the plausibility of their reported coordinates in a location privacy-preserving manner, while using a data-driven and lightweight approach. By testing our approach on two open datasets, we show that LoVe achieves very low false positive rates (between 0 and 0.00106) and very low false negative rates (between 0.00065 and 0.00334) while providing a real-time compatible approach that scales well even with a large sensor set. Compared to currently existing approaches, LoVe neither requires a large number of sensors, nor for messages to be recorded by as many sensors as possible simultaneously in order to verify location claims. Furthermore, it can be directly applied to currently deployed systems thus being backward compatible

Beware of Pickpockets: A Practical Attack against Blocking Cards

peer reviewedToday, we rely on contactless smart cards to perform several critical operations (e.g., payments and accessing buildings). Attacking smart cards can have severe consequences, such as losing money or leaking sensitive information. Although the security protections embedded in smart cards have evolved over the years, those with weak security properties are still commonly used. Among the different solutions, blocking cards are affordable devices to protect smart cards. These devices are placed close to the smart cards, generating a noisy jamming signal or shielding them. Whereas vendors claim the reliability of their blocking cards, no previous study has ever focused on evaluating their effectiveness. In this paper, we shed light on the security threats on smart cards in the presence of blocking cards, showing the possibility of being bypassed by an attacker. We analyze blocking cards by inspecting their emitted signal and assessing a vulnerability in their internal design.We propose a novel attack that bypasses the jamming signal emitted by a blocking card and reads the content of the smart card. We evaluate the effectiveness of 11 blocking cards when protecting a MIFARE Ultralight smart card and a MIFARE Classic card. Of these 11 cards, we managed to bypass 8 of them and successfully dump the content of a smart card despite the presence of the blocking card. Our findings highlight that the noise type implemented by the blocking cards highly affects the protection level achieved by them. Based on this observation, we propose a countermeasure that may lead to the design of effective blocking cards. To further improve security, we released the tool we developed to inspect the spectrum emitted by blocking cards and set up our attack