Contact Info
Department of Information Engineering
and Computer Science (DISI)
University of Trento
via Sommarive 14, I-38123 Povo (TN), Italy
Some of my recent papers (check also the full list)
- Attaullah Buriro, Bruno Crispo, Filippo DelFrari, Jeffrey Klardie, Konrad Wrona, ITSME: Multi-modal and Unobtrusive Behavioural User Authentication for Smartphones. Presented at PASSWORDS 2015.
- Yury Zhauniarovich, Maqsood Ahmad, Olga Gadyatskaya, Bruno Crispo, Fabio Massacci, StaDynA: Addressing the Problem of Dynamic Code Updates in the Security Analysis of Android Applications. Presented at CODASPY 2015.
- Yury Zhauniarovich, Giovanni Russello, Mauro Conti, Bruno Crispo, Earlence Fernandes, MOSES: Supporting and Enforcing Security Profiles on Smartphones. Published in IEEE Transactions on Dependable and Secure Computing, 11(3): 211-223 (2014).
Behavioural Biometrics: Several field studies show that users are very reluctant to use traditional authentication methods such as PINs and passwords to authenticate to the new generation of devices such as smartphones, smart watches, fitness bands, etc. In this activity we are interested in designing and evaluating new user authentication methods for IoT. These methods are based on behavioural biometrics, that is, biometrics based on how users perform particular activities. MEMS technology embedded in almost all these new devices allows the implementation of new biometrics without the need for additional or specialized hardware. Here the challenge is to design methods that users accept and find easy to use and that, at the same time, achieve the accuracy necessary to provide the desired level of security. This research topic is typically multidisciplinary, since it involves competences in the areas of security and privacy, machine learning and computer-human interaction.
Mobile Platforms Security and Privacy: Smartphones have become a pervasive computing and communication platform used by people to perform many activities besides placing and receiving phone calls. However, the protection and security models supported by such platforms have been shown not to adequately address the security and privacy concerns of their users. This research activity is structured in two different threads. The first aims at extending and strengthening the security models and mechanisms of existing smartphone platforms. Particularly challenging in this domain is finding solutions that can increase the security and privacy of users without affecting usability. The second acts directly on the mobile applications. Here the focus is the development of innovative techniques that combine static and dynamic approaches to analyse the security of the application. Particularly challenging is the analysis of code uploaded only at runtime and the analysis of programming constructs that hide their semantics (i.e. reflection).
Encrypted Queries for Cloud: This research aims at developing new algorithms and protocols that allow complex queries (i.e. SQL-like) to be performed over encrypted data, thus obtaining end-to-end confidentiality for Cloud scenarios. The requirement is to prevent or limit the leakage of information about the data being queried, about the query itself (including the source) and about the results of the query. All operations are performed over encrypted data, so there is never any need to have the data in plaintext. We also study the feasibility of such methods in realistic scenarios (e.g. e-healthcare applications, publisher-subscriber systems).
Automotive Security and Privacy: In this research thread we investigate the problem of protecting cyber-physical systems. We focus our attention mainly on the automotive industry. Modern cars have changed radically in the last 20 years and some cars now embed even hundreds of small and simple micro-controllers. These are all interconnected in order to manage and control the different subsystems of the car (braking system, motor injection, airbags, etc.). Cars also have the capability to communicate among themselves (V2V) and to communicate with surrounding infrastructures (V2I). All this complexity has brought vulnerabilities and attacks that were typical of the Internet to this new domain, plus some that are specific to this domain. In this research activity we investigate new attack vectors that are possible with car technology, the design of the security of the smallest units of the car (ECU) and the security and privacy of the many networking technologies they are going to use.
Research projects I am currently involved in
NeCS: European Network for Cyber Security (EU)
The European Network for Cybersecurity (NECS) was formed in response to the increased need for highly qualified experts able to cope with all aspects of the European cyber security strategy that is currently under implementation. There is indeed an evident need and opportunity to grow a new generation of young researchers able to answer this demand for expertise. This 4-year project for a cybersecurity research and training network aims at contributing to answer this increased demand for human expertise in the field.
SecurePhone EIT Digital
The project delivers a highly secure smartphone targeted mainly at the public safety market and top management. To date, the market does not offer a solution that combines high security and usability. Our top-grade, HW-secured smartphone platform features trusted boot, secure storage, tamper-resistance measures and innovative biometric authentication methods based on the behaviour of the user and their interactions with the handset. Biometric templates, as well as other sensitive information, need to be protected while stored on the phone. This will be guaranteed by on-chip secure storage designed and produced by STM. The secure handset will be produced and commercialized by Bittium. In this respect, a detailed business plan and a comprehensive marketing and commercial strategy will be produced.
OF2CEN: Online Fraud Cyber Centre and Experts Network (EU)
On-line frauds have increased tremendously in the last few years. Modern on-line frauds (possible through illegal use of the Internet) are the result of complex and sophisticated criminal activities that leverage technical vulnerabilities, misconfigurations, weak websites, malicious code and lack of user awareness. OF2CEN has the objective of fighting e-crime through a strong cooperative network of actors involved in the detection and management of specific electronic crimes, including on-line frauds. By taking advantage of collaboration among banks, credit card issuers, European law enforcement agencies and recognized risk management firms, the project implements an Information Sharing platform in order to analyze and mitigate electronic crime risks.
Scientific events I am currently involved in
- ACM Conference on Security and Privacy in Wireless and Mobile Networks (ACM WiSec 2016), Darmstadt, Germany, 18-20 July 2016. (Program Committee member)
- ISC 2016: the 19th Information Security Conference, Honolulu, HI, USA, 5-7 September 2016. (Program Committee member)