Skip to main content

Simone Soderi

IMT Lucca, Systems Modeling and Analysis, Post-Doc

Followers

65

Following

18

Co-authors

10

Mentions

1

Public Views

Experienced in short-range wireless communications and cyber-security solutions with a focus on physical layer security. I'm a certified professional ethical hacker (CPEH).My research topics include cyber-security for critical infrastructure systems and physical layer security, ultrasonic communications, visible light communications, stenography, and UWB.

less

InterestsView All (6)

Uploads

Papers by Simone Soderi

Experimental Study of In-Body Devices Misalignment Impact on Light-Based In-Body Communications

Securing Hybrid Wireless Body Area Networks (HyWBAN): Advancements in Semantic Communications and Jamming Techniques

arXiv (Cornell University), Apr 24, 2024

Mitigating and Analysis of Memory Usage Attack in IoE System

Energy Cyber Attacks to Smart Healthcare Devices: A Testbed

Study on Fat as the Propagation Medium in Optical-Based In-Body Communications

Materials and Methods • An experimental test-bed comprised an optical transmitter (LED driver and... more Materials and Methods • An experimental test-bed comprised an optical transmitter (LED driver and LED) and an optical receiver (sensor and optical power meter). • The biological tissue was used as the optical medium, which is (1) Pure fat tissue (15 mm), (2) pure flesh (15 mm), (3) Sample #1 (30 mm), (4) sample #2 (38 mm), and (5) sample #3 (40 mm). • NIR light 810 nm was chosen to illuminate the biological tissue as it has better propagation properties across tissues than other wavelengths. • All samples were warmed in a heat chamber to temperatures of 23°C and 37°C for measurement purposes. • LED driver variation: 100 mA, 200 mA, 300 mA, 400 mA, and 500 mA.

6G Networks Physical Layer Security Using RGB Visible Light Communications

IEEE Access, 2022

Visible Light Communication (VLC) is a key technology for the sixth-generation (6G) wireless comm... more Visible Light Communication (VLC) is a key technology for the sixth-generation (6G) wireless communication thanks to the possibility of using artificial environmental lights as a data transfer channel. Although VLC systems are more resistant against interference and less susceptible to security vulnerabilities like most wireless networks, VLC is even inherently susceptible to eavesdropping attacks. Moreover, since VLC is considered an enabling technology for 6G, specific mechanisms are needed to enforce data security. This paper considers improving the security of the next generation of wireless communications by using the Watermark Blind Physical Layer Security (WBPLSec) in VLCs. The main intuition is that RGB LEDs offer the possibility for Wavelength Division Multiplexing (WDM) as a useful support for the Spread-Spectrum (SS) watermarking. In this paper, we propose an approach that aims at obtaining VLC Physical Layer Security (PLS) by combining watermarking with an RGB LED jamming. We provide a performance analysis of the proposed security architecture based on the secrecy capacity in terms of its existence and outage probability. We prove that WBPLSec can be used to significantly improve confidentiality in the next generation of wireless communications. The results offer the possibility of creating a secure region around the legitimate receiver by leveraging the jamming optical power.

Cybersecurity Considerations for Communication Based Train Control

IEEE Access

The CENELEC TS 50701 is the first encompassing standard aiming at governing cybersecurity risk ma... more The CENELEC TS 50701 is the first encompassing standard aiming at governing cybersecurity risk management processes within the railway industry. Although the technical maturity of this framework is undeniable, its application in practical projects is still an active field of discussion among practitioners, especially when dealing the communication-heavy subsystems. Among such subsystems, signalling is among the most critical ones. Both Communication-based Train Control (CBTC) and European Railway Traffic Management Systems (ERTMS) heavily rely on wireless communications for their operation. This paper describes two cybersecurity attack scenarios regarding wireless communications for CBTCs that can impact the safety of these systems using the lens of the framework provided by the novel CENELEC TS 50701. In doing so, we discuss the implications of using such guidance, especially concerning the different interpretations found in the literature regarding zoning communication systems, to assess and mitigate the cybersecurity risk and improve the posture of CBTC systems concerning the examined attacks. Experimental tests conducted in controlled laboratory environments and high-fidelity simulations have been conducted to support the cybersecurity analysis.

Cybersecurity considerations for CBTC

Communication Based Train Control (CBTC) and the European Rail Traffic Management Systems (ERTMS)... more Communication Based Train Control (CBTC) and the European Rail Traffic Management Systems (ERTMS) are prevailing radio controlled systems for railway. As a part of the ERTMS standard, the European Train Control System (ETCS) implements on-board control systems throughout multiple radios. CBTC makes use of RF-based data communication systems (DCSs) for train control and traffic management. Even if ERTMS and CBTC have different origins, both make use of wireless communications for safety related systems. This paper describes cybersecurity considerations for CBTC. First, authors studied the impact of security on intra-vehicular communications in a real tunnel scenario, e.g. for urban transit where the usage of security is mandatory in order to maintain the system safety. Secondly, the impact of a jamming attack against ETCS radio has been analyzed. Measurement campaigns confirmed Host Identity Protocol (HIP) as an effective security solution at layer 3 in terms of the protocol overhead...

Algorithm in UWB Synchronization

This paper studies code synchronization in time hopping (TH) ultra wideband (UWB) systems. In TH ... more This paper studies code synchronization in time hopping (TH) ultra wideband (UWB) systems. In TH UWB systems, narrow pulses based on Gaussian pulse are positioned in different locations in consecutive time frames. The location of each frame is defined by a spreading code. The receiver collects the energy of the pulses using the same spreading code. To be able to do that, it has to synchronize itself to the incoming signal. Due to the large bandwidth of the signal, several replicas of the signals arrive into the receiver. Thus, the energy of the signal is spread in time domain causing extra problems to the synchronization procedure. In this paper, earlierly proposed method for direct sequence spread spectrum system is applied for time hopping system. The method is simulated in a multipath environment. The performance measure used is the mean acquisition time. Constant false alarm rate criterion is used for the threshold setting rule for comparator. The energies of the multipath compo...

Physical Layer Security

Wireless communications’ infrastructures are frequently selected as a cable replacement in many a... more Wireless communications’ infrastructures are frequently selected as a cable replacement in many applications, giving an immediate advantage on the wireless investment. However, the worldwide proliferation of wireless local area network (WLAN) imposed large investments on the network security. In the early days of the Internet, its layered protocol stack did not consider security as a primary concern. Since then a significant amount of literature has been published. This chapter proposes a watermark‐based blind physical layer security (WBPLSec) utilizing a jamming receiver in conjunction with the spread spectrum watermarking technique. The outage probability of the secrecy capacity is analytically derived, regardless of the eavesdropper position. The theoretical analysis let us draw a secure region around the legitimate receiver. Results indicate how the WBPLSec aims to be a valuable technique for deploying physical layer security. Authors utilized the outage probability of secrecy c...

Enhancing Security in 6G Visible Light Communications

2020 2nd 6G Wireless Summit (6G SUMMIT), 2020

This paper considers improving the confidentiality of the next generation of wireless communicati... more This paper considers improving the confidentiality of the next generation of wireless communications by using the watermark-based blind physical layer security (WBPLSec) in Visible Light Communications (VLCs). Since the growth of wireless applications and service, the demand for a secure and fast data transfer connection requires new technology solutions capable to ensure the best countermeasure against security attacks. VLC is one of the most promising new wireless communication technology, due to the possibility of using environmental artificial lights as data transfer channel in free-space. On the other hand, VLCs are even inherently susceptible to eavesdropping attacks. This work proposes an innovative scheme in which red, green, blue (RGB) light-emitting-diodes (LEDs) and three color-tuned photo-diodes (PDs) are used to secure a VLC by using a jamming receiver in conjunction with the spread spectrum watermarking technique. To the best of the author's knowledge, this is the ...

Covert Channel Attack to Federated Learning Systems

Federated learning (FL) goes beyond traditional, centralized machine learning by distributing mod... more Federated learning (FL) goes beyond traditional, centralized machine learning by distributing model training among a large collection of edge clients. These clients cooperatively train a global, e.g., cloud-hosted, model without disclosing their local, private training data. The global model is then shared among all the participants which use it for local predictions. In this paper, we put forward a novel attacker model aiming at turning FL systems into covert channels to implement a stealth communication infrastructure. The main intuition is that, during federated training, a malicious sender can poison the global model by submitting purposely crafted examples. Although the effect of the model poisoning is negligible to other participants, and does not alter the overall model performance, it can be observed by a malicious receiver and used to transmit a single bit.

Physical layer security based on spread-spectrum watermarking and jamming receiver

Transactions on Emerging Telecommunications Technologies, 2016

Wireless communications' infrastructures are frequently selected as a cable replacement in many a... more Wireless communications' infrastructures are frequently selected as a cable replacement in many applications giving an immediate advantage on the wireless investment. However, the worldwide proliferation of wireless local area network (WLAN) imposed large investments on the network security. In the early days of Internet, its layered protocol stack did not consider security as a primary concern. Since then a significant amount of literature has been published. This paper proposes a watermark-based blind physical layer security (WBPLSec) utilizing a jamming receiver in conjunction with the spread spectrum watermarking technique. The outage probability of the secrecy capacity is analytically derived, regardless of the eavesdropper position. The theoretical analysis let us draw a secure region around the legitimate receiver. Results indicate how the WBPLSec aims to be a valuable technique for deploying physical layer security. Authors utilized two performance metrics, the outage probability of secrecy capacity for assessing the secure communication effectiveness and the error probability for evaluating the watermark extraction process. Finally, the proposed protocol improves the secrecy capacity performance if compared to other protocols and moreover it has a lower energy consumption.

Physical layer security based on spread-spectrum watermarking and jamming receiver

Transactions on Emerging Telecommunications Technologies, Dec 19, 2016

Wireless communications' infrastructures are frequently selected as a cable replacement in many a... more Wireless communications' infrastructures are frequently selected as a cable replacement in many applications giving an immediate advantage on the wireless investment. However, the worldwide proliferation of wireless local area network (WLAN) imposed large investments on the network security. In the early days of Internet, its layered protocol stack did not consider security as a primary concern. Since then a significant amount of literature has been published. This paper proposes a watermark-based blind physical layer security (WBPLSec) utilizing a jamming receiver in conjunction with the spread spectrum watermarking technique. The outage probability of the secrecy capacity is analytically derived, regardless of the eavesdropper position. The theoretical analysis let us draw a secure region around the legitimate receiver. Results indicate how the WBPLSec aims to be a valuable technique for deploying physical layer security. Authors utilized two performance metrics, the outage probability of secrecy capacity for assessing the secure communication effectiveness and the error probability for evaluating the watermark extraction process. Finally, the proposed protocol improves the secrecy capacity performance if compared to other protocols and moreover it has a lower energy consumption.

Security in Body Networks: Watermark-based Communications on Air-gap Acoustic Channel

BODYNETS 2018 - 13th EAI International Conference on Body Area Networks, 2018

Wireless body area networks (WBAN) are becoming common to collect humans' information. For exampl... more Wireless body area networks (WBAN) are becoming common to collect humans' information. For example patients' vital signs in hospital scenarios. Recently, the interest of cyber-criminals to this information has gone up. Physical layer security is a standalone solution for low-power sensors network and WBAN. This paper describes the application of the watermark-based blind physical layer security (WBPLSec) to audio communications. Results indicate the WBPLSec as valuable technique for WBAN scenarios in which a sensor does not have any additional radio frequency (RF) interface but only a microphone and loudspeakers. Using this technique, the legitimate receiver creates a secure region around itself up to 50 cm. Due to the low data-rate, this technique is a valuable method for key exchange protocol between nodes with a good level of confidentiality.

Acoustic-Based Security: A Key Enabling Technology for Wireless Sensor Networks

International Journal of Wireless Information Networks, 2019

Technological advances have proliferated in several sectors by developing additional capabilities... more Technological advances have proliferated in several sectors by developing additional capabilities in the field of systems engineering. These improvements enabled the deployment of new and smart products. Today, wireless body area networks (WBAN) are commonly used to collect humans' information, hence this evolution exposes wireless systems to new security threats. Recently, the interest by cyber-criminals in this information has increased. Many of these wireless devices are equipped with passive speakers and microphones that may be used to exchange data with each other. This paper describes the application of the watermark-based blind physical layer security (WBPLSec) to acoustic communications as unconventional wireless link. Since wireless sensors have a limited computation power the WBPLSec is a valuable physical layer standalone solution to save energy. Actually, this protocol does not need any additional radio frequency (RF) connection. Indeed, it combines watermarking and a jamming techniques over sound-waves to create secure region around the legitimate receiver. Due to their nature, wireless communications might experience eavesdropping attacks. The analysis proposed in this paper, addresses countermeasures against confidentiality attacks on short-range wireless communications. The experiments over the acoustic air-gap channel showed that WBPLSec can create a region two meters wide in which wireless nodes are able to communicate securely. Therefore, the results favor the use of this scheme as a key enabling technology to protect the confidentiality in wireless sensor networks.

Cybersecurity Assessment of the Polar Bluetooth Low Energy Heart-rate Sensor

EAI International Conference on Body Area Networks At: Florence, Italy, 2019

Wireless communications among wearable and implantable devices implement the information exchange... more Wireless communications among wearable and implantable devices implement the information exchange around the human body. Wireless body area network (WBAN) technology enables non-invasive applications in our daily lives. Wireless connected devices improve the quality of many services, and they make procedures easier. On the other hand, they open up large attack surfaces and introduces potential security vulnerabilities. Bluetooth low energy (BLE) is a low-power protocol widely used in wireless personal area networks (WPANs). This paper analyzes the security vulnerabilities of a BLE heart-rate sensor. By observing the received signal strength indicator (RSSI) variations, it is possible to detect anomalies in the BLE connection. The case-study shows that an attacker can easily intercept and manipulate the data transmitted between the mobile app and the BLE device. With this research, the author would raise awareness about the security of the heart-rate information that we can receive from our wireless body sensors.

Watermark-based Secure Communications in Safety-Related Scenarios

by Simone Soderi, Lorenzo Mucchi, Matti Hämäläinen, and Jari Iinatti

The technological innovation has enabled the spread of safety-related systems in many domains, su... more The technological innovation has enabled the spread of safety-related systems in many domains, such as public transport, energy, and medical devices. In these applications, security is one of the primary concerns. This paper proposes a watermark-based blind physical layer security (WBPLSec) utilizing a jamming receiver in conjunction with spread spectrum watermarking technique. The outage probability of the secrecy capacity is analytically derived, being regardless of the eavesdropper position. Results indicate the WBPLSec a valuable technique for deploying physical layer security creating a secure region around the receiver, such as the legitimate medical device.

Cybersecurity considerations for Communication Based Train Control

The Seventh Nordic Workshop on System and Network Optimization for Wireless (SNOW'16), 2016

Communication Based Train Control (CBTC) and the European Rail Traffic Management Systems (ERTMS)... more Communication Based Train Control (CBTC) and the European Rail Traffic Management Systems (ERTMS) are prevailing radio controlled systems for railway. As a part of the ERTMS standard, the European Train Control System (ETCS) implements on-board control systems throughout multiple radios. CBTC makes use of RF-based data communication systems (DCSs) for train control and traffic management. Even if ERTMS and CBTC have different origins, both make use of wireless communications for safety related systems. This paper describes cybersecurity considerations for CBTC. First, authors studied the impact of security on intra-vehicular communications in a real tunnel scenario, e.g. for urban transit where the usage of security is mandatory in order to maintain the system safety. Secondly, the impact of a jamming attack against ETCS radio has been analyzed. Measurement campaigns confirmed Host Identity Protocol (HIP) as an effective security solution at layer 3 in terms of the protocol overhead introduced. On the other hand, the Balise Transmission Module (BTM), included in ETCS standard, is sensitive to jamming attack and the measurements presented here would offer the sights for further security considerations around the CBTC.

Receiver Structures

by Raffaello Tesi, Matti Hämäläinen, Jari Iinatti, and Simone Soderi

Oppermann/UWB: Theory and Applications, 2004

Experimental Study of In-Body Devices Misalignment Impact on Light-Based In-Body Communications

Securing Hybrid Wireless Body Area Networks (HyWBAN): Advancements in Semantic Communications and Jamming Techniques

arXiv (Cornell University), Apr 24, 2024

Mitigating and Analysis of Memory Usage Attack in IoE System

Energy Cyber Attacks to Smart Healthcare Devices: A Testbed

Study on Fat as the Propagation Medium in Optical-Based In-Body Communications

Materials and Methods • An experimental test-bed comprised an optical transmitter (LED driver and... more Materials and Methods • An experimental test-bed comprised an optical transmitter (LED driver and LED) and an optical receiver (sensor and optical power meter). • The biological tissue was used as the optical medium, which is (1) Pure fat tissue (15 mm), (2) pure flesh (15 mm), (3) Sample #1 (30 mm), (4) sample #2 (38 mm), and (5) sample #3 (40 mm). • NIR light 810 nm was chosen to illuminate the biological tissue as it has better propagation properties across tissues than other wavelengths. • All samples were warmed in a heat chamber to temperatures of 23°C and 37°C for measurement purposes. • LED driver variation: 100 mA, 200 mA, 300 mA, 400 mA, and 500 mA.

6G Networks Physical Layer Security Using RGB Visible Light Communications

IEEE Access, 2022

Visible Light Communication (VLC) is a key technology for the sixth-generation (6G) wireless comm... more Visible Light Communication (VLC) is a key technology for the sixth-generation (6G) wireless communication thanks to the possibility of using artificial environmental lights as a data transfer channel. Although VLC systems are more resistant against interference and less susceptible to security vulnerabilities like most wireless networks, VLC is even inherently susceptible to eavesdropping attacks. Moreover, since VLC is considered an enabling technology for 6G, specific mechanisms are needed to enforce data security. This paper considers improving the security of the next generation of wireless communications by using the Watermark Blind Physical Layer Security (WBPLSec) in VLCs. The main intuition is that RGB LEDs offer the possibility for Wavelength Division Multiplexing (WDM) as a useful support for the Spread-Spectrum (SS) watermarking. In this paper, we propose an approach that aims at obtaining VLC Physical Layer Security (PLS) by combining watermarking with an RGB LED jamming. We provide a performance analysis of the proposed security architecture based on the secrecy capacity in terms of its existence and outage probability. We prove that WBPLSec can be used to significantly improve confidentiality in the next generation of wireless communications. The results offer the possibility of creating a secure region around the legitimate receiver by leveraging the jamming optical power.

Cybersecurity Considerations for Communication Based Train Control

IEEE Access

The CENELEC TS 50701 is the first encompassing standard aiming at governing cybersecurity risk ma... more The CENELEC TS 50701 is the first encompassing standard aiming at governing cybersecurity risk management processes within the railway industry. Although the technical maturity of this framework is undeniable, its application in practical projects is still an active field of discussion among practitioners, especially when dealing the communication-heavy subsystems. Among such subsystems, signalling is among the most critical ones. Both Communication-based Train Control (CBTC) and European Railway Traffic Management Systems (ERTMS) heavily rely on wireless communications for their operation. This paper describes two cybersecurity attack scenarios regarding wireless communications for CBTCs that can impact the safety of these systems using the lens of the framework provided by the novel CENELEC TS 50701. In doing so, we discuss the implications of using such guidance, especially concerning the different interpretations found in the literature regarding zoning communication systems, to assess and mitigate the cybersecurity risk and improve the posture of CBTC systems concerning the examined attacks. Experimental tests conducted in controlled laboratory environments and high-fidelity simulations have been conducted to support the cybersecurity analysis.

Cybersecurity considerations for CBTC

Communication Based Train Control (CBTC) and the European Rail Traffic Management Systems (ERTMS)... more Communication Based Train Control (CBTC) and the European Rail Traffic Management Systems (ERTMS) are prevailing radio controlled systems for railway. As a part of the ERTMS standard, the European Train Control System (ETCS) implements on-board control systems throughout multiple radios. CBTC makes use of RF-based data communication systems (DCSs) for train control and traffic management. Even if ERTMS and CBTC have different origins, both make use of wireless communications for safety related systems. This paper describes cybersecurity considerations for CBTC. First, authors studied the impact of security on intra-vehicular communications in a real tunnel scenario, e.g. for urban transit where the usage of security is mandatory in order to maintain the system safety. Secondly, the impact of a jamming attack against ETCS radio has been analyzed. Measurement campaigns confirmed Host Identity Protocol (HIP) as an effective security solution at layer 3 in terms of the protocol overhead...

Algorithm in UWB Synchronization

This paper studies code synchronization in time hopping (TH) ultra wideband (UWB) systems. In TH ... more This paper studies code synchronization in time hopping (TH) ultra wideband (UWB) systems. In TH UWB systems, narrow pulses based on Gaussian pulse are positioned in different locations in consecutive time frames. The location of each frame is defined by a spreading code. The receiver collects the energy of the pulses using the same spreading code. To be able to do that, it has to synchronize itself to the incoming signal. Due to the large bandwidth of the signal, several replicas of the signals arrive into the receiver. Thus, the energy of the signal is spread in time domain causing extra problems to the synchronization procedure. In this paper, earlierly proposed method for direct sequence spread spectrum system is applied for time hopping system. The method is simulated in a multipath environment. The performance measure used is the mean acquisition time. Constant false alarm rate criterion is used for the threshold setting rule for comparator. The energies of the multipath compo...

Physical Layer Security

Wireless communications’ infrastructures are frequently selected as a cable replacement in many a... more Wireless communications’ infrastructures are frequently selected as a cable replacement in many applications, giving an immediate advantage on the wireless investment. However, the worldwide proliferation of wireless local area network (WLAN) imposed large investments on the network security. In the early days of the Internet, its layered protocol stack did not consider security as a primary concern. Since then a significant amount of literature has been published. This chapter proposes a watermark‐based blind physical layer security (WBPLSec) utilizing a jamming receiver in conjunction with the spread spectrum watermarking technique. The outage probability of the secrecy capacity is analytically derived, regardless of the eavesdropper position. The theoretical analysis let us draw a secure region around the legitimate receiver. Results indicate how the WBPLSec aims to be a valuable technique for deploying physical layer security. Authors utilized the outage probability of secrecy c...

Enhancing Security in 6G Visible Light Communications

2020 2nd 6G Wireless Summit (6G SUMMIT), 2020

This paper considers improving the confidentiality of the next generation of wireless communicati... more This paper considers improving the confidentiality of the next generation of wireless communications by using the watermark-based blind physical layer security (WBPLSec) in Visible Light Communications (VLCs). Since the growth of wireless applications and service, the demand for a secure and fast data transfer connection requires new technology solutions capable to ensure the best countermeasure against security attacks. VLC is one of the most promising new wireless communication technology, due to the possibility of using environmental artificial lights as data transfer channel in free-space. On the other hand, VLCs are even inherently susceptible to eavesdropping attacks. This work proposes an innovative scheme in which red, green, blue (RGB) light-emitting-diodes (LEDs) and three color-tuned photo-diodes (PDs) are used to secure a VLC by using a jamming receiver in conjunction with the spread spectrum watermarking technique. To the best of the author's knowledge, this is the ...

Covert Channel Attack to Federated Learning Systems

Federated learning (FL) goes beyond traditional, centralized machine learning by distributing mod... more Federated learning (FL) goes beyond traditional, centralized machine learning by distributing model training among a large collection of edge clients. These clients cooperatively train a global, e.g., cloud-hosted, model without disclosing their local, private training data. The global model is then shared among all the participants which use it for local predictions. In this paper, we put forward a novel attacker model aiming at turning FL systems into covert channels to implement a stealth communication infrastructure. The main intuition is that, during federated training, a malicious sender can poison the global model by submitting purposely crafted examples. Although the effect of the model poisoning is negligible to other participants, and does not alter the overall model performance, it can be observed by a malicious receiver and used to transmit a single bit.

Physical layer security based on spread-spectrum watermarking and jamming receiver

Transactions on Emerging Telecommunications Technologies, 2016

Wireless communications' infrastructures are frequently selected as a cable replacement in many a... more Wireless communications' infrastructures are frequently selected as a cable replacement in many applications giving an immediate advantage on the wireless investment. However, the worldwide proliferation of wireless local area network (WLAN) imposed large investments on the network security. In the early days of Internet, its layered protocol stack did not consider security as a primary concern. Since then a significant amount of literature has been published. This paper proposes a watermark-based blind physical layer security (WBPLSec) utilizing a jamming receiver in conjunction with the spread spectrum watermarking technique. The outage probability of the secrecy capacity is analytically derived, regardless of the eavesdropper position. The theoretical analysis let us draw a secure region around the legitimate receiver. Results indicate how the WBPLSec aims to be a valuable technique for deploying physical layer security. Authors utilized two performance metrics, the outage probability of secrecy capacity for assessing the secure communication effectiveness and the error probability for evaluating the watermark extraction process. Finally, the proposed protocol improves the secrecy capacity performance if compared to other protocols and moreover it has a lower energy consumption.

Physical layer security based on spread-spectrum watermarking and jamming receiver

Transactions on Emerging Telecommunications Technologies, Dec 19, 2016

Wireless communications' infrastructures are frequently selected as a cable replacement in many a... more Wireless communications' infrastructures are frequently selected as a cable replacement in many applications giving an immediate advantage on the wireless investment. However, the worldwide proliferation of wireless local area network (WLAN) imposed large investments on the network security. In the early days of Internet, its layered protocol stack did not consider security as a primary concern. Since then a significant amount of literature has been published. This paper proposes a watermark-based blind physical layer security (WBPLSec) utilizing a jamming receiver in conjunction with the spread spectrum watermarking technique. The outage probability of the secrecy capacity is analytically derived, regardless of the eavesdropper position. The theoretical analysis let us draw a secure region around the legitimate receiver. Results indicate how the WBPLSec aims to be a valuable technique for deploying physical layer security. Authors utilized two performance metrics, the outage probability of secrecy capacity for assessing the secure communication effectiveness and the error probability for evaluating the watermark extraction process. Finally, the proposed protocol improves the secrecy capacity performance if compared to other protocols and moreover it has a lower energy consumption.

Security in Body Networks: Watermark-based Communications on Air-gap Acoustic Channel

BODYNETS 2018 - 13th EAI International Conference on Body Area Networks, 2018

Wireless body area networks (WBAN) are becoming common to collect humans' information. For exampl... more Wireless body area networks (WBAN) are becoming common to collect humans' information. For example patients' vital signs in hospital scenarios. Recently, the interest of cyber-criminals to this information has gone up. Physical layer security is a standalone solution for low-power sensors network and WBAN. This paper describes the application of the watermark-based blind physical layer security (WBPLSec) to audio communications. Results indicate the WBPLSec as valuable technique for WBAN scenarios in which a sensor does not have any additional radio frequency (RF) interface but only a microphone and loudspeakers. Using this technique, the legitimate receiver creates a secure region around itself up to 50 cm. Due to the low data-rate, this technique is a valuable method for key exchange protocol between nodes with a good level of confidentiality.

Acoustic-Based Security: A Key Enabling Technology for Wireless Sensor Networks

International Journal of Wireless Information Networks, 2019

Technological advances have proliferated in several sectors by developing additional capabilities... more Technological advances have proliferated in several sectors by developing additional capabilities in the field of systems engineering. These improvements enabled the deployment of new and smart products. Today, wireless body area networks (WBAN) are commonly used to collect humans' information, hence this evolution exposes wireless systems to new security threats. Recently, the interest by cyber-criminals in this information has increased. Many of these wireless devices are equipped with passive speakers and microphones that may be used to exchange data with each other. This paper describes the application of the watermark-based blind physical layer security (WBPLSec) to acoustic communications as unconventional wireless link. Since wireless sensors have a limited computation power the WBPLSec is a valuable physical layer standalone solution to save energy. Actually, this protocol does not need any additional radio frequency (RF) connection. Indeed, it combines watermarking and a jamming techniques over sound-waves to create secure region around the legitimate receiver. Due to their nature, wireless communications might experience eavesdropping attacks. The analysis proposed in this paper, addresses countermeasures against confidentiality attacks on short-range wireless communications. The experiments over the acoustic air-gap channel showed that WBPLSec can create a region two meters wide in which wireless nodes are able to communicate securely. Therefore, the results favor the use of this scheme as a key enabling technology to protect the confidentiality in wireless sensor networks.

Cybersecurity Assessment of the Polar Bluetooth Low Energy Heart-rate Sensor

EAI International Conference on Body Area Networks At: Florence, Italy, 2019

Wireless communications among wearable and implantable devices implement the information exchange... more Wireless communications among wearable and implantable devices implement the information exchange around the human body. Wireless body area network (WBAN) technology enables non-invasive applications in our daily lives. Wireless connected devices improve the quality of many services, and they make procedures easier. On the other hand, they open up large attack surfaces and introduces potential security vulnerabilities. Bluetooth low energy (BLE) is a low-power protocol widely used in wireless personal area networks (WPANs). This paper analyzes the security vulnerabilities of a BLE heart-rate sensor. By observing the received signal strength indicator (RSSI) variations, it is possible to detect anomalies in the BLE connection. The case-study shows that an attacker can easily intercept and manipulate the data transmitted between the mobile app and the BLE device. With this research, the author would raise awareness about the security of the heart-rate information that we can receive from our wireless body sensors.

Watermark-based Secure Communications in Safety-Related Scenarios

by Simone Soderi, Lorenzo Mucchi, Matti Hämäläinen, and Jari Iinatti

The technological innovation has enabled the spread of safety-related systems in many domains, su... more The technological innovation has enabled the spread of safety-related systems in many domains, such as public transport, energy, and medical devices. In these applications, security is one of the primary concerns. This paper proposes a watermark-based blind physical layer security (WBPLSec) utilizing a jamming receiver in conjunction with spread spectrum watermarking technique. The outage probability of the secrecy capacity is analytically derived, being regardless of the eavesdropper position. Results indicate the WBPLSec a valuable technique for deploying physical layer security creating a secure region around the receiver, such as the legitimate medical device.

Cybersecurity considerations for Communication Based Train Control

The Seventh Nordic Workshop on System and Network Optimization for Wireless (SNOW'16), 2016

Communication Based Train Control (CBTC) and the European Rail Traffic Management Systems (ERTMS)... more Communication Based Train Control (CBTC) and the European Rail Traffic Management Systems (ERTMS) are prevailing radio controlled systems for railway. As a part of the ERTMS standard, the European Train Control System (ETCS) implements on-board control systems throughout multiple radios. CBTC makes use of RF-based data communication systems (DCSs) for train control and traffic management. Even if ERTMS and CBTC have different origins, both make use of wireless communications for safety related systems. This paper describes cybersecurity considerations for CBTC. First, authors studied the impact of security on intra-vehicular communications in a real tunnel scenario, e.g. for urban transit where the usage of security is mandatory in order to maintain the system safety. Secondly, the impact of a jamming attack against ETCS radio has been analyzed. Measurement campaigns confirmed Host Identity Protocol (HIP) as an effective security solution at layer 3 in terms of the protocol overhead introduced. On the other hand, the Balise Transmission Module (BTM), included in ETCS standard, is sensitive to jamming attack and the measurements presented here would offer the sights for further security considerations around the CBTC.

Receiver Structures

by Raffaello Tesi, Matti Hämäläinen, Jari Iinatti, and Simone Soderi

Oppermann/UWB: Theory and Applications, 2004

Evaluation of industrial wireless communications systems’ security

Acta Universitatis Ouluensis. C, Technica, 2016

The worldwide success of wireless communications was originally fueled by the possibility to repl... more The worldwide success of wireless communications was originally fueled by the possibility to replace existing cables with wireless solutions. This phenomenon imposed the development of security engineering as a multidisciplinary field. Although wireless solutions can reduce installation costs and allow introducing new services, the end–users expect it to have the same level of security as they would normally have with wired solutions. Secure communications is an important part of the overall security of industrial wireless communications systems (IWCS).
The aim of this thesis is to develop new security engineering methodologies for IWCS. The author develops countermeasures against confidentiality and integrity attacks and carries out a security analysis covering the protocol, electromagnetic and physical layer. In the first part of the thesis, Host Identity Protocol (HIP) is utilized to secure communication in an intra–vehicular network. Simulations and measurement campaigns are also conducted to evaluate the impact of the overhead on security in a tunnel, considering line–of–sight (LOS) and non–LOS (NLOS) scenarios.
Electromagnetic analysis (EMA) is an important step in the development of safety–related systems. Today, the increasing usage of smaller integrated circuit also increases the susceptibility to electromagnetic (EM) interference. From near–field (NF) to far–field (FF) transformation, a method for the evaluation of the emissions leakage is investigated. The virtual EM (VEM) interface of the device–under–test (DUT) is studied, and it is described how an adversary can exploit it for denial of service (DoS) attacks. An effective jamming attack model is studied, and the theoretical calculations are validated with experiment–based results.
Finally, focusing attention on physical layer security, two algorithms are developed. Active radio frequency fingerprinting (RFF) implements the exchange of a public key during the setup of secure communication. Afterwards, utilizing a jamming receiver in conjunction with the spread spectrum (SS) watermarking technique, the watermark–based blind physical layer security (WBPLSec) protocol is presented. The analysis and results indicate how the WBPLSec seems to be a valuable technique for deploying physical layer security by creating a secure region around the receiver.