No NAT'd User left Behind: Fingerprinting Users behind NAT from NetFlow Records alone

It is generally recognized that the traffic generated by an individual connected to a network acts as his biometric signature. Several tools exploit this fact to fingerprint and monitor users. Often, though, these tools assume to access the entire traffic, including IP addresses and payloads. This is not feasible on the grounds that both performance and privacy would be negatively affected. In reality, most ISPs convert user traffic into NetFlow records for a concise representation that does not include, for instance, any payloads. More importantly, large and distributed networks are usually NAT'd, thus a few IP addresses may be associated to thousands of users. We devised a new fingerprinting framework that overcomes these hurdles. Our system is able to analyze a huge amount of network traffic represented as NetFlows, with the intent to track people. It does so by accurately inferring when users are connected to the network and which IP addresses they are using, even though thousands of users are hidden behind NAT. Our prototype implementation was deployed and tested within an existing large metropolitan WiFi network serving about 200,000 users, with an average load of more than 1,000 users simultaneously connected behind 2 NAT'd IP addresses only. Our solution turned out to be very effective, with an accuracy greater than 90%. We also devised new tools and refined existing ones that may be applied to other contexts related to NetFlow analysis

Reliability issues in the design of distributed object-based architectures

PhD ThesisThis thesis is aimed at enhancing the existing set of techniques for building distributed systems, specifically from the point of view of fault-tolerant com- puting. Reliability is of fundamental importance in the design and operation of dis- tributed systems, as an increasing number of computers are employed in the automation of various essential services. In the past decade, much research effort has been concerned with the object-based methodology for the design and implementation of reliable distributed systems. This thesis describes three contributions to this effort. First, it is shown that object-based programming features can in fact be introduced into pro- cedural languages provided that these languages are endowed with certain facilities. Then, work is discussed which illustrates the relationship between distributed object-based architectures and an apparently different form of distributed architectures based on processes. This work puts the notion of object-based architectures into a new perspective, which shows that the object-based philosophy and the process-based philosophy are the dual of each other. Finally, an important aspect of the design of an object-based distributed architecture is investigated, that of automatic garbage collection. A distri- buted garbage collection scheme is described that handles fault tolerance by an extension of the technique commonly employed to detect unwanted com- putations in distributed architectures. The scheme proposed can also be seen as yet a further illustration of the link between object-based and process-based architectures.Royal Signals and Radar Establishment of the U.K. Ministry of Defence. Italian Consiglio Nazionale delle Ricerch

A Novel Stealthy Attack to Gather SDN Configuration-Information

Software Defined Networking (SDN) is a recent network architecture based on the separation of forwarding functions from network logic, and provides high flexibility in the management of the network. In this paper, we show how an attacker can exploit SDN programmability to obtain detailed knowledge about the network behaviour. In particular, we introduce a novel attack, named Know Your Enemy (KYE), which allows an attacker to gather vital information about the configuration of the network. Through the KYE attack, an attacker can obtain information ranging from the configuration of security tools, such as attack detection thresholds for network scanning, to general network policies like QoS and network virtualization. Additionally, we show that the KYE attack can be performed in a stealthy fashion, allowing an attacker to learn configuration secrets without being detected. We underline that the vulnerability exploited by the KYE attack is proper of SDN and is not present in legacy networks. Finally, we address the KYE attack by proposing an active defense countermeasure based on network flows obfuscation, which considerably increases the complexity for a successful attack. Our solution offers provable security guarantees that can be tailored to the needs of the specific network under consideration

An Overview of Stepped Hull Performance Evaluation: Sea Trial Data vs Full-Scale CFD Simulation

It is well known that the dynamic of the stepped hull in real scale is rather complex and it’s not easy to predict that using empirical or mathematical approaches, and by the numerical and experimental way as well. Moreover, there is a huge lack in the literature of data related to sea trials of the stepped hull. Furthermore, the reliability of full-scale CFD simulations is not widely proven and validated especially for high speed and planing hull. For these several reasons, in this paper, the authors are focused on the comparison of the results carried out from model experimental tests performed in the model basin, full-scale CFD simulations, and sea trial tests. The performed simulations in full-scale have been compared to the extrapolated experimental tests and the sea-trial results. Moreover, the dynamic trim angle and the dynamic wetted surface have been taken into account to assess the reliability of the full-scale simulation performed. The stepped hull considered is a Mito 31 outboard Rigid Inflatable Boat (RIB) built by MV Marine Srl Company

Calm-water performance of a boat with two swept steps at high-speeds: Laboratory measurements and mathematical modeling

n/

An Intraoperative β−\beta^- Detecting Probe For Radio-Guided Surgery in Tumour Resection

The development of the $\beta^-$ based radio-guided surgery aims to extend the technique to those tumours where surgery is the only possible treatment and the assessment of the resection would most profit from the low background around the lesion, as for brain tumours. Feasibility studies on meningioma, glioma, and neuroendocrine tumors already estimated the potentiality of this new treatment. To validate the technique, prototypes of the intraoperative probe required by the technique to detect $\beta^-$ radiation have been developed. This paper discusses the design details of the device and the tests performed in laboratory. In such tests particular care has to be taken to reproduce the surgical field conditions. The innovative technique to produce specific phantoms and the dedicated testing protocols is described in detail.Comment: 7 pages, 15 figure

In Vitro Control of Post-Harvest Fruit Rot Fungi by Some Plant Essential Oil Components

Eight substances that are main components of the essential oils from three Mediterranean aromatic plants (Verbena officinalis, Thymus vulgaris and Origanum vulgare), previously found active against some phytopathogenic Fungi and Stramenopila, have been tested in vitro against five etiological agents of post-harvest fruit decay, Botrytis cinerea, Penicillium italicum, P. expansum, Phytophthora citrophthora and Rhizopus stolonifer. The tested compounds were β-fellandrene, β-pinene, camphene, carvacrol, citral, o-cymene, γ-terpinene and thymol. Citral exhibited a fungicidal action against P. citrophthora; carvacrol and thymol showed a fungistatic activity against P. citrophthora and R. stolonifer. Citral and carvacrol at 250 ppm, and thymol at 150 and 250 ppm stopped the growth of B. cinerea. Moreover, thymol showed fungistatic and fungicidal action against P. italicum. Finally, the mycelium growth of P. expansum was inhibited in the presence of 250 ppm of thymol and carvacrol. These results represent an important step toward the goal to use some essential oils or their components as natural preservatives for fruits and foodstuffs, due to their safety for consumer healthy and positive effect on shelf life extension of agricultural fresh products

The Italian National Project of Astrobiology-Life in Space-Origin, Presence, Persistence of Life in Space, from Molecules to Extremophiles

The \u2018\u2018Life in Space\u2019\u2019 project was funded in the wake of the Italian Space Agency\u2019s proposal for the development of a network of institutions and laboratories conceived to implement Italian participation in space astrobiology experiments

Acute Delta Hepatitis in Italy spanning three decades (1991–2019): Evidence for the effectiveness of the hepatitis B vaccination campaign

Updated incidence data of acute Delta virus hepatitis (HDV) are lacking worldwide. Our aim was to evaluate incidence of and risk factors for acute HDV in Italy after the introduction of the compulsory vaccination against hepatitis B virus (HBV) in 1991. Data were obtained from the National Surveillance System of acute viral hepatitis (SEIEVA). Independent predictors of HDV were assessed by logistic-regression analysis. The incidence of acute HDV per 1-million population declined from 3.2 cases in 1987 to 0.04 in 2019, parallel to that of acute HBV per 100,000 from 10.0 to 0.39 cases during the same period. The median age of cases increased from 27 years in the decade 1991-1999 to 44 years in the decade 2010-2019 (p < .001). Over the same period, the male/female ratio decreased from 3.8 to 2.1, the proportion of coinfections increased from 55% to 75% (p = .003) and that of HBsAg positive acute hepatitis tested for by IgM anti-HDV linearly decreased from 50.1% to 34.1% (p < .001). People born abroad accounted for 24.6% of cases in 2004-2010 and 32.1% in 2011-2019. In the period 2010-2019, risky sexual behaviour (O.R. 4.2; 95%CI: 1.4-12.8) was the sole independent predictor of acute HDV; conversely intravenous drug use was no longer associated (O.R. 1.25; 95%CI: 0.15-10.22) with this. In conclusion, HBV vaccination was an effective measure to control acute HDV. Intravenous drug use is no longer an efficient mode of HDV spread. Testing for IgM-anti HDV is a grey area requiring alert. Acute HDV in foreigners should be monitored in the years to come