Cybersecurity
The laboratory carries out research and technology transfer activities in various areas of IT security:
- Applied Cryptography;
- Network and Web Security;
- Software Security;
- Embedded System Security;
- Usable Security.
The research activity is carried out rigorously, with the aid of formal verification techniques, and is aimed at improving the state of the art of security of real systems. The laboratory, through some of its participants, has founded two spin-offs, Cryptosense and 10Sec, which transfer research results to industry through the development of highly innovative products in the field of cryptography and IoT.
Collaborators
- Matteo Busi (Postdoc)
- Francesco Palmarini (Postdoc)
- Leonardo Veronese (Postdoc)
- Alessia Michela Di Campi (PhD Student)
- Lorenzo Cazzaro (PhD Student)
Collaborations
- Vienna University of Technology
- Masaryk University (with a dual PhD program in Cybersecurity)
- CISPA Helmholtz Center for Information Security
Publications
- Riccardo Focardi and Flaminia Luccio. A formally verified configuration for Hardware Security Modules in the cloud. In Giovanni Vigna, Elaine Shi, Proceedings of the ACM Conference on Computer and Communications Security (ACM CCS), pp. 412-428
  https://dl.acm.org/doi/10.1145/3460120.3484785 - 2021
- Stefano Calzavara, Riccardo Focardi, Matús Nemec, Alvise Rabitti, Marco Squarcina: Postcards from the Post-HTTP World: Amplification of HTTPS Vulnerabilities in the Web Ecosystem. IEEE Symposium on Security and Privacy (IEEE S&P 2019), pp. 281-298
  https://ieeexplore.ieee.org/document/8835223 - 2019
- Claudio Bozzato, Riccardo Focardi, Francesco Palmarini. Shaping the Glitch: Optimizing Voltage Fault Injection Attacks. In Transactions on Cryptographic Hardware and Embedded Systems (TCHES), vol. 2019, pp. 199-224 (ISSN 2569-2925)
  https://tches.iacr.org/index.php/TCHES/article/view/7390 - 2019
- Riccardo Focardi, Francesco Palmarini, Marco Squarcina, Graham Steel, Mauro Tempesta: Mind Your Keys? A Security Evaluation of Java Keystores. Proceedings of the Network and Distributed System Security Symposium (NDSS 2018).
  http://dx.medra.org/10.14722/ndss.2018.23083 - 2018
- Stefano Calzavara, Riccardo Focardi, Matteo Maffei, Clara Schneidewind, Marco Squarcina, Mauro Tempesta: WPSE: Fortifying Web Protocols via Browser-Side Security Monitoring. Proceedings of the 27th USENIX Security Symposium, pp. 1493-1510
  https://www.usenix.org/system/files/conference/usenixsecurity18/sec18-calzavara.pdf - 2018
Case studies
- The paper "Postcards from the Post-HTTP World: Amplification of HTTPS Vulnerabilities in the Web Ecosystem", a security analysis of the Web in the wild, was presented at IEEE S&P 2019 and covered by Wired:
  - Lily Hay Newman, HTTPS Isn’t Always as Secure as it Seems, 28 March 2019, Wired
  - Catherine Chapman, False sense of security? HTTPS is no panacea, researchers warn, 16 May 2019, The Daily Swig (https://portswigger.net/daily-swig/false-sense-of-security-https-is-no-panacea-researchers-warn)
  - Preview video: https://www.youtube.com/watch?v=MVqR9qMwWRE
- The findings of the paper "Mind Your Keys? A Security Evaluation of Java Keystores" led to drastic improvements in the security of Java keystores. See the related vulnerability reports from Oracle:
  - CVE-2018-2794, Oracle Java, CVSS 3.0 Base Score 7.7 (HIGH)
  - CVE-2017-10356, Oracle Java, CVSS 3.0 Base Score 6.2 (MEDIUM)
  - CVE-2017-10345, Oracle Java, CVSS 3.0 Base Score 3.1 (LOW)
Research projects
- SOFT: Security Oriented Formal Techniques (Principal Investigator: Riccardo Focardi)
  PRIN - Research Projects of National Relevance, funded by the Italian Ministry of University and Research, Length: 09/2008 - 09/2010
- DOMHO: Secure IoT home automation system for smart buildings (Local PI: Riccardo Focardi)
  ROP ERDF: Regional Operational Programme, European Regional Development Fund, Length: 11/2017 - 10/2020
- SAFE PLACE: IoT systems for healthy and safe living environments (Local PI: Riccardo Focardi)
  ROP ERDF: Regional Operational Programme, European Regional Development Fund, Length: 01/2021 - 12/2022
- Cybersecurity in IOT Devices for smart building (Local PI: Flaminia Luccio)
  Funded by Confindustria Veneto SIAV Spa, AVI/077A/19, Length: 06/2020 - 12/2021
- Securing Smartibuilding Devices (Local PI: Flaminia Luccio)
  Funded by BFT SpA, Length: 07/2020 - 12/2020
- UniKey (Local PI: Flaminia Luccio)
  Project co-funded by the SMACT competence center in collaboration with Keyline SpA, Length: 07/2020 - 12/2020
- FilieraSicura: Security of national infrastructures (Local PI: Riccardo Focardi)
  Research project funded by CISCO and Leonardo, Length: 01/2017 - 12/2019
- Security Horizons (Local PI: Riccardo Focardi)
  PRIN - Research Projects of National Relevance, funded by the Italian Ministry of University and Research, Length: 02/2013 - 02/2016
- Formal methods for security (Local PI: Riccardo Focardi)
  PRIN - Research Projects of National Relevance, funded by the Italian Ministry of University and Research, Length: 12/2001 - 12/2003
- MyThS: Models and Types for Security in Mobile Distributed Systems (Local PI: Michele Bugliesi, Key personnel: Riccardo Focardi)
  FET-Global Computing, IST-2001-32617, Length: 2002 - 2004
Last update: 22/10/2024