In this work, we present a device-centric analysis of security and privacy attacks and defenses on Extended Reality (XR) devices, highlighting the need for robust and privacy-aware security ...mechanisms. Based on our analysis, we present future research directions and propose design considerations to help ensure the security and privacy of XR devices.
Recent advancements in drone technology have shown that commercial off-the-shelf Micro Aerial Drones are more effective than large-sized drones for performing flight missions in narrow environments, ...such as swarming, indoor navigation, and inspection of hazardous locations. Due to their deployments in many civilian and military applications, safe and reliable communication of these drones throughout the mission is critical. The Crazyflie ecosystem is one of the most popular Micro Aerial Drones and has the potential to be deployed worldwide. In this paper, we empirically investigate two interference attacks against the Crazy Real Time Protocol (CRTP) implemented within the Crazyflie drones. In particular, we explore the feasibility of experimenting two attack vectors that can disrupt an ongoing flight mission: the jamming attack, and the hijacking attack. Our experimental results demonstrate the effectiveness of such attacks in both autonomous and non-autonomous flight modes on a Crazyflie 2.1 drone. Finally, we suggest potential shielding strategies that guarantee a safe and secure flight mission. To the best of our knowledge, this is the first work investigating jamming and hijacking attacks against Micro Aerial Drones, both in autonomous and non-autonomous modes.
In the last decade, a new class of cyber-threats has emerged. This new
cybersecurity adversary is known with the name of "Advanced Persistent Threat"
(APT) and is referred to different organizations ...that in the last years have
been "in the center of the eye" due to multiple dangerous and effective attacks
targeting financial and politic, news headlines, embassies, critical
infrastructures, TV programs, etc. In order to early identify APT related
malware, a semi-automatic approach for malware samples analysis is needed. In
our previous work we introduced a "malware triage" step for a semi-automatic
malware analysis architecture. This step has the duty to analyze as fast as
possible new incoming samples and to immediately dispatch the ones that deserve
a deeper analysis, among all the malware delivered per day in the cyber-space,
the ones that really worth to be further examined by analysts. Our paper
focuses on malware developed by APTs, and we build our knowledge base, used in
the triage, on known APTs obtained from publicly available reports. In order to
have the triage as fast as possible, we only rely on static malware features,
that can be extracted with negligible delay, and use machine learning
techniques for the identification. In this work we move from multiclass
classification to a group of oneclass classifier, which simplify the training
and allows higher modularity. The results of the proposed framework highlight
high performances, reaching a precision of 100% and an accuracy over 95%
In the 21st century, the industry of drones, also known as Unmanned Aerial Vehicles (UAVs), has witnessed a rapid increase with its large number of airspace users. The tremendous benefits of this ...technology in civilian applications such as hostage rescue and parcel delivery will integrate smart cities in the future. Nowadays, the affordability of commercial drones expands its usage at a large scale. However, the development of drone technology is associated with vulnerabilities and threats due to the lack of efficient security implementations. Moreover, the complexity of UAVs in software and hardware triggers potential security and privacy issues. Thus, posing significant challenges for the industry, academia, and governments. In this paper, we extensively survey the security and privacy issues of UAVs by providing a systematic classification at four levels: Hardware-level, Software-level, Communication-level, and Sensor-level. In particular, for each level, we thoroughly investigate (1) common vulnerabilities affecting UAVs for potential attacks from malicious actors, (2) existing threats that are jeopardizing the civilian application of UAVs, (3) active and passive attacks performed by the adversaries to compromise the security and privacy of UAVs, (4) possible countermeasures and mitigation techniques to protect UAVs from such malicious activities. In addition, we summarize the takeaways that highlight lessons learned about UAVs' security and privacy issues. Finally, we conclude our survey by presenting the critical pitfalls and suggesting promising future research directions for security and privacy of UAVs.
Biometrics security is a dynamic research area spurred by the need to protect personal traits from threats like theft, non-authorised distribution, reuse and so on. A widely investigated solution to ...such threats consists in processing the biometric signals under encryption, to avoid any leakage of information towards non-authorised parties. In this paper, we propose to leverage on the superior performance of multimodal biometric recognition to improve the efficiency of a biometric-based authentication protocol operating on encrypted data under the malicious security model. In the proposed protocol, authentication relies on both facial and iris biometrics, whose representation accuracy is specifically tailored to trade-off between recognition accuracy and efficiency. From a cryptographic point of view, the protocol relies on SPDZ a new multy-party computation tool designed by Damgaard et al. Experimental results show that the multimodal protocol is faster than corresponding unimodal protocols achieving the same accuracy.
Given the huge impact that Online Social Networks (OSN) had in the way people get informed and form their opinion, they became an attractive playground for malicious entities that want to spread ...misinformation, and leverage their effect. In fact, misinformation easily spreads on OSN and is a huge threat for modern society, possibly influencing also the outcome of elections, or even putting people's life at risk (e.g., spreading "anti-vaccines" misinformation). Therefore, it is of paramount importance for our society to have some sort of "validation" on information spreading through OSN. The need for a wide-scale validation would greatly benefit from automatic tools. In this paper, we show that it is difficult to carry out an automatic classification of misinformation considering only structural properties of content propagation cascades. We focus on structural properties, because they would be inherently difficult to be manipulated, with the the aim of circumventing classification systems. To support our claim, we carry out an extensive evaluation on Facebook posts belonging to conspiracy theories (as representative of misinformation), and scientific news (representative of fact-checked content). Our findings show that conspiracy content actually reverberates in a way which is hard to distinguish from the one scientific content does: for the classification mechanisms we investigated, classification F1-score never exceeds 0.65 during content propagation stages, and is still less than 0.7 even after propagation is complete.