Page Not Found
Page not found. Your pixels are in another canvas.
A list of all the posts and pages found on the site. For you robots out there is an XML version available for digesting as well.
This is a page not in the main menu
Published:
This post will show up by default. To disable scheduling of future posts, edit config.yml and set future: false.
Published:
This is a sample blog post. Lorem ipsum I can’t remember the rest of lorem ipsum and don’t have an internet connection right now. Testing testing testing this blog post. Blog posts are cool.
Published in Journal 1, 2010
This paper is about the number 2. The number 3 is left for future work.
Recommended citation: Your Name, You. (2010). "Paper Title Number 2." Journal 1. 1(2). http://academicpages.github.io/files/paper2.pdf
Published in Journal 1, 2015
This paper is about the number 3. The number 4 is left for future work.
Recommended citation: Your Name, You. (2015). "Paper Title Number 3." Journal 1. 1(3). http://academicpages.github.io/files/paper3.pdf
Published in Journal 1, 2018
This paper is about the number 1. The number 2 is left for future work.
Recommended citation: Your Name, You. (2009). "Paper Title Number 1." Journal 1. 1(1). http://academicpages.github.io/files/paper1.pdf
Short description of portfolio item number 1
Short description of portfolio item number 2
Published in Advanced Research in Data Privacy. Studies in Computational Intelligence, 2014
Market analysis predicts that in a few years, companies, universities, government agencies as well as common people in their daily life will increasingly adopt mobile computing systems, thus increasingly enjoying the benefits of online, Internet-based services. However, such a scenario will also expose user data privacy to severe attacks. This situation has led to the development of authentication approaches aimed at preventing unauthorized access to user data. Many different authentication approaches have been proposed over the last years, starting from basic password to more complex biometric solutions but all of them have proven to suffer from the same weaknesses. This issue drove us to design a solution based upon hardware intrinsic security features and aimed at guaranteeing a high level of data privacy while providing a user friendly authentication process. Our solution shows advanced features of data privacy policies definition making it a good candidate for the construction of future data privacy policies.
Recommended citation: Daza V., Signorini M. (2015) Smart User Authentication for an Improved Data Privacy. In: Navarro-Arribas G., Torra V. (eds) Advanced Research in Data Privacy. Studies in Computational Intelligence, vol 567. Springer, Cham
Published in 11th International Conference on Security and Cryptography, 2014
Payment schemes based on mobile devices are expected to supersede traditional electronic payment approaches in the next few years. However, current solutions are limited in that protocols require at least one of the two parties to be on-line, i.e. connected either to a trusted third party or to a shared database. Indeed, in cases where customer and vendor are persistently or intermittently disconnected from the network, any on-line payment is not possible. This paper introduces FORCE, a novel mobile micro payment approach where all involved parties can be fully off-line. Our solution improves over state-of-the-art approaches in terms of payment flexibility and security. In fact, FORCE relies solely on local data to perform the requested operations. The present paper describes FORCE architecture, components and protocols. Further, a thorough analysis of its functional and security properties is provided showing its effectiveness and viability.
Recommended citation: V. Daza, R. Di Pietro, F. Lombardi and M. Signorini, "FORCE: Fully off-line secure credits for mobile micro payments," 2014 11th International Conference on Security and Cryptography (SECRYPT), Vienna, 2014, pp. 1-12.
Published in Future Generation Computer Systems, 2014
Despite the increasing interest around cloud concepts, current cloud technologies and services related to security are not mature enough to enable a more widespread industrial acceptance of cloud systems. Providing an adequate level of resilience to cloud services is a challenging problem due to the complexity of the environment as well as the need for efficient solutions that could preserve cloud benefits over other solutions. In this paper we provide the architectural design, implementation details, and performance results for a customizable resilience service solution for cloud guests. This solution leverages execution path analysis. In particular, we propose an architecture that can trace, analyze and control live virtual machine activity as well as intervened code and data modifications possibly due to either malicious attacks or software faults. Execution path analysis allows the virtual machine manager (VMM) to trace the VM state and to prevent such a guest from reaching faulty states.
Recommended citation: Roberto Di Pietro, Flavio Lombardi, Matteo Signorini: "CloRExPa: Cloud resilience via execution path analysis", Future Generation Computer Systems - Volume 32, 2014, Pages 168-179, ISSN 0167-739X
Published in ICETE Communications in Computer and Information Science, 2015
Mobile-based payment schemes are increasingly widespread albeit suffering from a number of limitations. In fact, current protocols require at least one of the two parties to be on-line, i.e. connected either to a trusted third party or to a shared database. In particular, in scenarios where customers and vendors are persistently or intermittently disconnected from the network, no on-line payment is possible. This paper discusses SOLDI, a novel mobile micro-payment approach where all involved parties can be fully off-line. SOLDI relies solely on local data to perform the requested operations and improves over state-of-the-art approaches in terms of payment flexibility and security. SOLDI architecture and protocols are discussed in depth in this paper. Finally, security properties and main functionalities are analyzed in depth, showing SOLDI viability, benefits, and further development directions.
Recommended citation: Daza V., Di Pietro R., Lombardi F., Signorini M. (2015) SOLDI: Secure Off-Line Disposable CredIts to Secure Mobile Micro Payments. In: Obaidat M., Holzinger A., Filipe J. (eds) E-Business and Telecommunications. ICETE 2014. Communications in Computer and Information Science, vol 554. Springer, Cham
Published in IEEE Transactions on Dependable and Secure Computing, 2016
Credit and debit card data theft is one of the earliest forms of cybercrime. Still, it is one of the most common nowadays. Attackers often aim at stealing such customer data by targeting the Point of Sale (for short, PoS) system, i.e. the point at which a retailer first acquires customer data. Modern PoS systems are powerful computers equipped with a card reader and running specialized software. Increasingly often, user devices are leveraged as input to the PoS. In these scenarios, malware that can steal card data as soon as they are read by the device has flourished. As such, in cases where customer and vendor are persistently or intermittently disconnected from the network, no secure on-line payment is possible. This paper describes FRoDO, a secure off-line micro-payment solution that is resilient to PoS data breaches. Our solution improves over up to date approaches in terms of flexibility and security. To the best of our knowledge, FRoDO is the first solution that can provide secure fully off-line payments while being resilient to all currently known PoS breaches. In particular, we detail FRoDO architecture, components, and protocols. Further, a thorough analysis of FRoDO functional and security properties is provided, showing its effectiveness and viability.
Recommended citation: V. Daza, R. D. Pietro, F. Lombardi and M. Signorini, "FRoDO: Fraud Resilient Device for Off-Line Micro-Payments," in IEEE Transactions on Dependable and Secure Computing, vol. 13, no. 2, pp. 296-311, 1 March-April 2016.
Published in CRC Press - Security in the Private Cloud, 2016
Cloud computing is nowadays a well-established computing model that provides many advantages to organizations (service providers and users) in terms of massive scalability, lower cost, and flexibility. The cloud computing paradigm has become a mainstream solution for the deployment of business processes and applications. In the public cloud vision, infrastructure, platform, and software services are provisioned on a pay-as-you-go basis [1]. Nevertheless, the level of service and the nonfunctional properties of cloud applications are still an open problem. In the past few years, the research community has been focusing on the nonfunctional aspects of the cloud paradigm, especially with respect to security aspects. However, despite these technical and economical benefits, many potential cloud consumers are still hesitant to adopt cloud computing due to security and privacy concerns.
Recommended citation: Di Pietro, Roberto and Lombardi, Flavio and Signorini, Matteo: Assessment and Authorization in Private Cloud Security - Security in the Private Cloud, CRCPress - 2016
Published in Security in the Private Cloud, 2016
This comprehensive handbook serves as a professional reference and practitioner’s guide to today’s most complete and concise view of private cloud security. It explores practical solutions to a wide range of private cloud computing security issues. The knowledge imparted will enable readers to determine whether the private cloud security solution is appropriate for their organization from a business and technical perspective, to select the appropriate cloud security model, and to plan and implement a cloud security adoption and migration strategy.
Recommended citation: R.D. Di Pietro, F. Lombardi, M. Signorini, "Secure Management of Virtualized Resources" in Security in the Private Cloud, CRC Press, 2016.
Published in IEEE International Conference on Communications, 2017
The Internet of Things is gaining momentum thanks to the provided vision of seamlessly interconnected devices. However, a unified way to discover and to interact with the surrounding smart environment is missing. As an outcome, we have been witnessing the development of heterogeneous ecosystems, where each service provider adopts its own protocol, thus preventing IoT devices from interacting when belonging to different providers. The same is happening again for the blockchain technology, which provides a robust and trusted way to accomplish tasks but unfortunately does not provide interoperability, thus creating the same heterogeneous ecosystems highlighted above. In this context, the fundamental research question we address is how do we find things or services in the Internet of Things. In this paper, we propose the first IoT discovery approach which provides an answer to the above question by exploiting hierarchical and universal multi-layered blockchains. Our approach neither defines new standards nor forces service providers to change their own protocol. On the contrary, it leverages the existing and publicly available information obtained from each single blockchain to have a better knowledge of the surrounding environment. The proposed approach is detailed and discussed with the support of relevant use cases.
Recommended citation: V. Daza, R. Di Pietro, I. Klimek and M. Signorini, "CONNECT: CONtextual NamE disCovery for blockchain-based services in the IoT," 2017 IEEE International Conference on Communications (ICC), Paris, 2017, pp. 1-6. doi: 10.1109/ICC.2017.7996641
Published in Procedia Computer Science, 2017
As services steadily migrate to the Cloud, the availability of an overarching identity framework has become a stringent need. Moreover, such an identity framework is now critical in the Internet of Things. To address this problem, identification solutions have been proposed in the past leveraging software or hardware properties of devices. While those solutions proved feasible, their root of trust was based either within the device or in a remote server. In this paper, we overcome the above paradigm and start investigating novel perspectives offered by an overarching identity framework that is not based on client/server properties, but on the network latency of their communications. The core idea behind our approach is to leverage cloud client/server interactions’ latency patterns over the network to derive unique and unpredictable identity factors. Such factors can be used to design and implement effective identification schemes especially suitable for cloud-based services. To the best of our knowledge, our approach is the first one ensuring unclonability and unpredictability properties, relying on neither trusted computing bases (TCBs) nor on classical pseudo-random number generators (PRNGs). The experimental tests presented in this paper, conducted on worst case conditions, show that the network latency (generated between two interacting devices) can produce random values with properties close to the ones generated by most of the well-known PRNGs, that are an ideal fit for providing unique identifiers.
Recommended citation: Vanesa Daza, Roberto Di Pietro, Flavio Lombardi, Matteo Signorini, CoLLIDE: CLoud Latency-based IDEntification, Procedia Computer Science, Volume 113, 2017, Pages 81-88, ISSN 1877-0509,
Published in 9th International Conference on New Technologies, Mobility and Security, 2018
The design of a successful distributed system for enabling payments and small transactions among Internet users has long been a major challenge in applied computer science. Bitcoin, the first cryptocurrency having reached world-wide popularity, suffers from sustainability problems such as inefficient energy expenditure for its network operation and from perverse incentives that foster speculative hoarding behavior. We propose a digital transfer system based on a variant of the Bitcoin ledger that is meant to support deterministic small payments with enforced proportional transaction fees: to achieve this property, we renounce the persistence of balances expected of a cryptocurrency, thus mitigating currency hoarding. We introduce at the same time a novel external incentive mechanism based on a verifiable third party with the goal of promoting long-term sustainability, adjusting the margins of profitability for contributors to the proof-of-work scheme without stifling the transaction rate.
Recommended citation: F. Pianese, M. Signorini and S. Sarkar, "Small Transactions with Sustainable Incentives," 2018 9th IFIP International Conference on New Technologies, Mobility and Security (NTMS), Paris, 2018, pp. 1-5.
Published in IEEE Conference on Communications and Network Security, 2018
In this paper we propose N-Guard: a portable, effective, and efficient solution to thwart contactless skimming of NFC cards. Our solution enables an NFC-compliant smartphone to protect the user’s cards, preventing the adversary from harvesting the cards’ data. Moreover, we also introduce a fine grained access control mechanism, allowing the user to discriminate between NFC cards that can be opportunistically queried and sensitive ones that can be read only under the strict permission of the owner. We implemented a proof-of-concept of N-Guard for Android OS and tested it under several digital skimming scenarios showing its effectiveness in thwarting unauthorized access attempts. Moreover, we also measured the consumption of N-Guard and proved that its energy consumption is negligible. Further, it is worth noting that N-Guard requires neither any specific modification to the NFC standard, nor any change in users’ behavior. Finally, through some empirical evidence, we show N-Guard to be effective even when the interaction between the NFC tags and the reader is driven by proprietary protocols (e.g. Mastercard). All the reported results, having been developed over an NFC-enabled credit-card use case, are general and applicable to all NFC tags.
Recommended citation: R. D. Pietro, G. Oligeri, X. Salleras and M. Signorini, "N-Guard: a Solution to Secure Access to NFC tags," 2018 IEEE Conference on Communications and Network Security (CNS), Beijing, 2018, pp. 1-9.
Published in IEEE World Congress on Services (SERVICES), 2018
Anomaly detection tools play a role of paramount importance in protecting networks and systems from unforeseen attacks, usually by automatically recognizing and filtering out anomalous activities. In this paper we present ADvISE: the first Anomaly Detection tool for blockchaIn SystEms which leverages blockchain meta-data, named forks, in order to collect potentially malicious requests in the network/system while being resilient to eclipse attacks. ADvISE collects and analyzes malicious forks to build a threat database that enables detection and prevention of future attacks.
Recommended citation: M. Signorini, M. Pontecorvi, W. Kanoun and R. Di Pietro, "ADvISE: Anomaly Detection tool for blockchaIn SystEms," 2018 IEEE World Congress on Services (SERVICES), San Francisco, CA, 2018, pp. 65-66. doi: 10.1109/SERVICES.2018.00046
Published in arXiv, 2018
Anomaly detection tools play a role of paramount importance in protecting networks and systems from unforeseen attacks, usually by automatically recognizing and filtering out anomalous activities. Over the years, different approaches have been designed, all focused on lowering the false positive rate. However, no proposal has addressed attacks targeting blockchain-based systems. In this paper we present BAD: the first Blockchain Anomaly Detection solution. BAD leverages blockchain meta-data, named forks, in order to collect potentially malicious activities in the network/system. BAD enjoys the following features: (i) it is distributed (thus avoiding any central point of failure), (ii) it is tamper-proof (making it impossible for malicious software to remove or to alter its own traces), (iii) it is trusted (any behavioral data is collected and verified by the majority of the network) and (iv) it is private (preventing any third party from collecting/analyzing/storing sensitive information). Our proposal is validated via both experimental results and theoretical complexity analysis, which highlight the quality and viability of our Blockchain Anomaly Detection solution.
Recommended citation: Matteo Signorini, Matteo Pontecorvi, Wael Kanoun and Roberto Di Pietro: "BAD: Blockchain Anomaly Detection", arXiv - 2018
Published in Cloud Computing Security: Foundations and Challenges, 2016
This handbook offers a comprehensive overview of cloud computing security technology and implementation, while exploring practical solutions to a wide range of cloud computing security issues. With more organizations using cloud computing and cloud providers for data operations, proper security in these and other potentially vulnerable areas has become a priority for organizations of all sizes across the globe. Research efforts from both academia and industry in all security aspects related to cloud computing are gathered within one reference guide.
Recommended citation: Roberto Di Pietro, Flavio Lombardi, Matteo Signorini: Computing Technology for Trusted Cloud Security - CRC Press
Published:
Portable electronic coin device for carrying out monetary transactions between a user and a vendor, comprising a coin element provided with a coin selector for selecting a coin or coins based on a request from the vendor, function input registers intended to be selected according to the selected coin or coins, a coin calculation function that provides a function output from the values of the input registers, function output reconstruction registers, and a coin reconstructor that can reconstruct an original coin value from the function output and the function output reconstruction registers, wherein the function is an erasable, read-once physical unclonable function, so that the same coin cannot be used twice. The invention also relates to a method that uses this device.
Published:
A method and system of detecting a security threat within a network of connected devices that share a ledger of transactions between them under the form of exchanged blockchain messages. Enhanced blockchain messages are built by adding all forked chains to the blockchain messages. Forked chains in such enhanced blockchains are then inspected to detect any anomaly. When an anomaly is detected in a forked chain, all transactions of the ledger in the forked chain and the blockchain message leading up to the network attack entry point are reviewed to identify the source of the security threat.
Published:
A system and method of interacting a first device in a first Island of Trust belonging to a first organization, such Island of Trust comprising at least a first backend, with a second device in a second Island of Trust belonging to a second organization, such Island of Trust comprising at least a second backend. First and second backends are connected to a cloud, and may read/write a payment blockchain and an obligation blockchain. The combined specific obligation blockchain with standard payment blockchain allows devices to commit to the ToUs for their respective organizations in a tamper evident distributed manner.
Published:
A method and system of authenticating a device within a network of connected devices that share a ledger of transactions between them under the form of exchanged blockchain messages and comprising: computing a PoK chain based on the enhanced blockchain, receiving an authentication request from an application or a device, the authentication request including one or more PoKs, retrieving from the PoK database the PoK chain corresponding to the application or device identified in the authentication request; computing a PoK based on the PoK chain retrieved from the PoK database, comparing it with the PoK included in the authentication request, and if they match, validating the authentication request.
Published:
A network of connected devices share a ledger of payment transactions between them under the form of a standard payment blockchain. A specific obligation blockchain is added to the network, also shared by the connected devices, and a link is made between the standard payment blockchain and the specific obligation blockchain, to reflect payments made in relation to obligations. A distributed credit method is built on top of this infrastructure.
Published:
A method of maintaining a transaction database in an electronic transfer network, the method improving privacy of the network by making it possible to discard older transactions by enforcing demurrage, the method comprising: verifying, the value of an input $N(t_g)$ of a new transaction is equal to the value of the output $M(t_a)$ it references, multiplied once by a demurrage rate $r$ for every block between the past block $B_x$ storing the past transaction $(t_a)$ whose output $M(t_a)$ is referenced and the new block $(B_z)$:
Undergraduate course, University 1, Department, 2014
This is a description of a teaching experience. You can use markdown like any other post.
Workshop, University 1, Department, 2015
This is a description of a teaching experience. You can use markdown like any other post.