SP2I

4th International Workshop on Security and Privacy in Intelligent Infrastructures
  • Date: Jul 30, 2024
  • Location: SR08
  • Duration: 13:00–18:30
Workshop Chairs

  • Lukas Malina
  • Raimundas Matulevičius
  • Gautam Srivastava

Accepted Papers

Quantum-Resistant and Secure MQTT Communication
Lukas Malina (Brno University of Technology, Czechia), Patrik Dobias (Brno University of Technology, Czechia), Petr Dzurenda (Brno University of Technology, Czechia), Gautam Srivastava (Brandon University, Canada)
Full Paper
In this paper, we deal with the deployment of Post-Quantum Cryptography (PQC) in Internet of Things (IoT). Concretely, we focus on the MQTT (Message Queuing Telemetry Transport) protocol that is widely used in IoT services. The paper presents our novel quantum-resistant security proposal for the MQTT protocol that supports secure broadcast. Our solution omits using TLS with the handshake causing delay and is suitable for sending irregular short messages. Finally, we show how our solution can practically affect concrete use cases by the performance results of the proposed solution.
Identification of industrial devices based on payload
Ondrej Pospisil (Brno University of Technology, Faculty of Electrical Engineering and Communication, Department of Telecommunication, Czechia), Radek Fujdiak (Brno University of Technology, Faculty of Electrical Engineering and Communication, Department of Telecommunication, Czechia)
Full Paper
The identification of industrial devices based on their behavior in network communication is important from a cybersecurity perspective in two areas: attack prevention and digital forensics. In both areas, device identification falls under asset management or asset tracking. Due to the impact of active scanning on these networks, particularly in terms of latency, it is important to take care in industrial networks to use passive scanning. For passive identification, statistical learning algorithms are nowadays the most appropriate. The aim of this paper is to demonstrate the potential for passive identification of PLC devices using statistical learning based on network communication, specifically the payload of the packet. Individual statistical parameters from 15 minutes of traffic based on payload entropy were used to create the features. Three scenarios were performed and the XGBoost algorithm was used for evaluation. In the best of the scenarios, the model achieved an accuracy score of 83% to identify individual devices.
Lattice-based Multisignature Optimization for RAM Constrained Devices
Sara Ricci (Brno University of Technology, Czechia), Vladyslav Shapoval (Brno University of Technology, Czechia), Petr Dzurenda (Brno University of Technology, Czechia), Peter Roenne (University of Luxembourg, Luxembourg), Jan Oupicky (University of Luxembourg, Luxembourg), Lukas Malina (Brno University of Technology, Czechia)
Full Paper
In the era of growing threats posed by the development of quantum computers, ensuring the security of electronic services has become fundamental. The ongoing standardization process led by the National Institute of Standards and Technology (NIST) emphasizes the necessity for quantum-resistant security measures. However, the implementation of Post-Quantum Cryptographic (PQC) schemes, including advanced schemes such as threshold signatures, faces challenges due to their large key sizes and high computational complexity, particularly on constrained devices. This paper introduces two microcontroller-tailored optimization approaches, focusing on enhancing the DS2 threshold signature scheme. These optimizations aim to reduce memory consumption while maintaining security strength, specifically enabling the implementation of DS2 on microcontrollers with only 192 KB of RAM. Experimental results and security analysis demonstrate the efficacy and practicality of our solution, facilitating the deployment of DS2 threshold signatures on resource-constrained microcontrollers.
DECEPTWIN: Proactive Security Approach for IoV by Leveraging Deception-based Digital Twins and Blockchain
Mubashar Iqbal (University of Tartu, Institute of Computer Science, Estonia), Sabah Suhail (Queen's University Belfast, United Kingdom), Raimundas Matulevičius (University of Tartu, Institute of Computer Science, Estonia)
Full Paper
The proliferation of security threats in connected systems necessitates innovative approaches to enhance security resilience. The Internet of Vehicles (IoV) presents a rapidly evolving and interconnected ecosystem that raises unprecedented security challenges, including remote hijacking, data breaches, and unauthorized access. Digital Twin (DT) and blockchain-based deception can emerge as a promising approach to enhance the security of the IoV ecosystem by creating a secure, realistic, dynamic, and interactive deceptive environment that can deceive and disrupt malicious actors. In accordance with this, we propose a proactive security approach for IoV by leveraging DECEPtion-based digiTal tWins and blockchaIN (DECEPTWIN) that entails hunting for security threats and gaps in IoV security posture before an incident or breach occurs.
Secure and Privacy-Preserving Car-Sharing Systems
Lukas Malina (Brno University of Technology, Czechia), Petr Dzurenda (Brno University of Technology, Czechia), Norbert Lövinger (Brno University of Technology, Czechia), Ijeoma Faustina Ekeh (University of Tartu, Estonia), Raimundas Matulevicius (University of Tartu, Estonia)
Full Paper
With increasing smart transportation systems and services, potential security and privacy threats are growing. In this work, we analyze privacy and security threats in car-sharing systems, and discuss the problems with the transparency of services, users' personal data collection, and how the legislation manages these issues. Based on analyzed requirements, we design a compact privacy-preserving solution for car-sharing systems. Our proposal combines digital signature schemes and group signature schemes, in order to protect user privacy against curious providers, increase security and non-repudiation, and be efficient even for systems with restricted devices. The evaluation of the proposed solution demonstrates its security and a practical usability for constrained devices deployed in vehicles and users' smartphones.
DDS Security+: Enhancing the Data Distribution Service With TPM-based Remote Attestation
Paul Georg Wagner (Fraunhofer IOSB, Germany), Pascal Birnstill (Fraunhofer IOSB, Germany), Tim Samorei (Karlsruhe Institute of Technology, Germany), Jürgen Beyerer (Karlsruhe Institute of Technology, Germany)
Full Paper
The Data Distribution Service (DDS) is a widely accepted industry standard for reliably exchanging data over the network using a publish-subscribe model. While DDS already includes basic security features such as participant authentication and access control, the possibilities of leveraging Trusted Platform Modules (TPMs) to increase the security and trustworthiness of DDS-based applications have not been sufficiently researched yet. In this work, we show how TPM-based remote attestation can be effectively integrated into the existing DDS security architecture. This enables application developers to verify the code integrity of remote DDS participants during the operation of the distributed system. Our solution transparently extends the DDS secure channel handshake, while cryptographically binding the established communication channels to the attested software stacks. We show the security properties of our proposal by formally verifying the resulting remote attestation protocol using the Tamarin theorem prover. We also implement our solution as a fork of the popular eProsima FastDDS library and evaluate the resulting performance impact when conducting TPM-based remote attestations of DDS applications.
Comparison of Multiple Feature Selection techniques for Machine Learning-Based Detection of IoT Attacks
Viet Anh Phan (Brno University of Technology, Czechia), Jan Jerabek (Brno University of Technology, Czechia), Lukas Malina (Brno University of Technology, Czechia)
Full Paper
The practicality of IoT is becoming more and more apparent, including smart homes, autonomous vehicles, environmental monitoring, and the internet everywhere. The rapid spread has also led to a large number of cybersecurity threats such as Denial of Service attacks, Information stealing attacks, and so on. Machine learning techniques have been proved to be a valuable tool for detecting network threats in IoT. Feature selection has been proven to overcome excessive features of the dataset in the feature reduction phase, which helps reduce computational costs while still keeping the generalization of the machine learning model. However, most existing studies have only focused on using a limited number of methods for feature selection (typically one). Moreover, there is very little research evaluating which technique is the most effective across various datasets, and can be used as a best choice method in general. Therefore, this work aims to test 5 feature selection techniques: Random Forest, Recursive Feature Elimination, Logistic Regression, XGBoost Regression and Information Gain. The new dataset (CIC-IoT 2023) is applied to evaluate the performance of those feature selection methods. This study also performs IoT attack detection based on 5 Machine learning models: Decision Tree (DT), Random Forest (RF), k-Nearest Neighbours (k-NN), Gradient Boosting (GB) and Multi-layer Perceptron (MLP). We look at the computational metrics such as accuracy, precision, recall and F1-score to evaluate the performance of each technique over three actual datasets. Overall, the research shows that Recursive Feature Elimination stands out as the top feature selection method, achieving the average accuracy of 95.55%, as well as the highest accuracy of 99.57% when being used in combination with RF in case of 30 selected features.

Topics of interest include, but are not limited to

  • Anonymity, Privacy, and Traceability
  • Applied Cryptography and Security in Intelligent Infrastructures
  • Applied Post-Quantum Cryptography in Intelligent Infrastructures
  • Authentication and Access Control
  • Blockchain Privacy
  • Security and Privacy in Learning Systems (AI, Machine/Deep/Federated Learning)
  • Cloud Computing and Privacy
  • Data Privacy and Personal Information Management
  • Formal Modelling in Intelligent Infrastructures
  • Hardware Security
  • Internet of Things (IoT) Security and Privacy
  • Cyber Physical System Security and Privacy
  • Lightweight Cryptography
  • Network and Wireless Security and Privacy
  • Operating Systems Security in Intelligent Infrastructures
  • Privacy and Law
  • Privacy-Enhancing Technologies and Privacy Protection in Intelligent Infrastructures
  • Quantum Resistant Privacy Enhancing Technologies
  • Security and Machine Learning in Intelligent Infrastructures
  • Security and Privacy by Design
  • Security of Digital Twins

Workshop Chairs

Lukas Malina
Brno University of Technology, Czech Republic
Raimundas Matulevičius
University of Tartu, Estonia
Gautam Srivastava
Brandon University, Manitoba, Canada

Program Committee

Mohamed Baza | College of Charleston, U.S.A.
Jakub Breier | TTControl GmbH, Vienna, Austria
Gabriele Costa | CINI, Italy
Christian Derler | Joanneum Research, Austria
Ashutosh Dhar Dwivedi | Aalborg University, Denmark
George Drosatos | Athena Research and Innovation Centre, Greece
Petr Dzurenda | Brno University of Technology, Czech Republic
Alireza Esfahani | University of Greenwich, United Kingdom
Jan Hajny | Brno University of Technology, Czech Republic
Xiaolu Hou | Slovak University of Technology, Slovakia
Mubashar Iqbal | University of Tartu, Estonia
Alireza Jolfaei | Flinders University, Australia
Liina Kamm | Cybernetica, Estonia
Maryline Laurent | Télécom SudParis, Institut Polytechnique de Paris, France
Jerry Lin | Western Norway University of Applied Sciences, Bergen, Norway
Pavel Loutocky | Institute of Law and Technology, Masaryk University, Czech Republic
Zdenek Martinasek | Brno University of Technology, Czech Republic
Jakub Misek | Institute of Law and Technology, Masaryk University, Czech Republic
Aleksandr Ometov | Tampere University, Finland
Arnis Paršovs | University of Tartu, Estonia
Sara Ricci | Brno University of Technology, Czech Republic
Rajani Singh | Copenhagen Business School, Denmark
Branka Stojanovic | Joanneum Research, Austria
Aimilia Tasidou | CESI, Nantes, France
Luca Verderame | University of Genova, Italy

Submission

Important Dates

Extended Submission Deadline | May 08, 2024
Author Notification | May 29, 2024
Proceedings Version | Jun 18, 2024
ARES EU Projects Symposium | Jul 30, 2024
Conference | Jul 30 – Aug 02, 2024