Last generation denial of service attacks and botnets
Denial of service (DoS) attacks evolved and consolidated as severe security threats to network servers, not only for internet service providers but also for governments. Earlier DoS attacks involved high-bandwidth flood-based approaches exploiting vulnerabilities of networking and transport protocol layers. Subsequently, distributed DoS attacks have been introduced amplifying not only the overall attack bandwidth but also the attack source, thus eluding simple counter measures based on source filtering. Last generation low bit-rate approaches, instead, exploit vulnerabilities of application layer protocols to accomplish DoS or DDoS attacks. The investigation of such threats, that we call Slow DoS Attacks is particularly challenging, due to their impact and characteristics.
Projects: FINSEC | CYBIC
Internet of Things security
Internet of Things (IoT) is one of the technologies emerging in these years, for both IT and OT contexts. The IoT phenomenon has been labeled by experts as "the next Industrial Revolution”: nowadays, around 30 billions of IoT devices are connected over the Internet and such number is expected to increase in the next years, to nearly 75 billions of IoT devices expected to be alive in late 2025. Because of the nature of these devices, adopted in different contexts such as home automation, healthcare, Industry 4.0 or robotics, located in sensitive positions or accessing sensitive data, IoT security is a critical and emerging topic. Based on this concept, the identification of vulnerabilities against IoT systems is a crucial activity, in order to ensure security of IoT devices, networks and protocols. Our research is focused in this direction, with the identification of vulnerabilities, design and development of innovative IoT threats and related implementation of countermeasures.
Investigation of innovative covert channel methods
Nowadays, covert channel is one of the major network vulnerabilities, due to their stealthiness and potential impact. Covert channel often involves header field manipulation of network protocols like TCP, IP, ICMP, HTTP/HTTPS, DNS. In this case, we talk of covert storage channel. In contrast, covert timing channels manupilate packet timing (e.g. inter-packet time) to vehiculate stealth information on the communication medium. More recently, covert channel techniques for mobile devices have been developed, such as carrying secret data through silent periods occurring in voice calls based on VoIP and VoLTE (VoIP over LTE) protocols. Other approaches exploit SMS text messages, hence, telephony networks, to initiate a covert channel. It was evaluated just in terms of time performance. Our research on covert channels is accomplished to master the field and identify novel vulnerabilities in this context, also proposing appropriate protection systems.