Progettazione e sviluppo di un sistema per la verifica dell'integrità hardware e firmware di un sistema

Questa tesi tratta un argomento che si è fatto sempre più interessante, soprattutto in questi ultimi anni, l'integrità firmware e hardware di un sistema. Oggigiorno milioni di persone fanno completamente affidamento al proprio sistema lasciando nelle loro mani moli di dati personali e non, molte delle quali si affidano ai moderni antivirus i quali, però, non sono in grado di rilevare e gestire attacchi che implicano l'alterazione dei firmware. Verranno mostrati diversi attacchi di questo tipo cercando di fare capire come la relativa sicurezza sia importante, inoltre saranno discussi diversi progetti reputati interessanti. Sulla base delle ricerche effettuate, poi, sarà mostrata la progettazione e l'implementazione di un software in grado di rilevare alterazioni hardware e firmware in un sistema.

Industrial Demilitarized Zone and Zero Trust cybersecurity models for Industrial Control Systems

Today more than ever, with the recent war in Ukraine and the increasing number of attacks that affect systems of nations and companies every day, the world realizes that cybersecurity can no longer be considered just as a “cost”. It must become a pillar for our infrastructures that involve the security of our nations and the safety of people. Critical infrastructure, like energy, financial services, and healthcare, have become targets of many cyberattacks from several criminal groups, with an increasing number of resources and competencies, putting at risk the security and safety of companies and entire nations. This thesis aims to investigate the state-of-the-art regarding the best practice for securing Industrial control systems. We study the differences between two security frameworks. The first is Industrial Demilitarized Zone (I-DMZ), a perimeter-based security solution. The second one is the Zero Trust Architecture (ZTA) which removes the concept of perimeter to offer an entirely new approach to cybersecurity based on the slogan ‘Never Trust, always verify’. Starting from this premise, the Zero Trust model embeds strict Authentication, Authorization, and monitoring controls for any access to any resource. We have defined two architectures according to the State-of-the-art and the cybersecurity experts’ guidelines to compare I-DMZ, and Zero Trust approaches to ICS security. The goal is to demonstrate how a Zero Trust approach dramatically reduces the possibility of an attacker penetrating the network or moving laterally to compromise the entire infrastructure. A third architecture has been defined based on Cloud and fog/edge computing technology. It shows how Cloud solutions can improve the security and reliability of infrastructure and production processes that can benefit from a range of new functionalities, that the Cloud could offer as-a-Service.We have implemented and tested our Zero Trust solution and its ability to block intrusion or attempted attacks.

Novel materials for direct X-ray detectors based on semiconducting organic polymers

Conventional inorganic materials for x-ray radiation sensors suffer from several drawbacks, including their inability to cover large curved areas, me- chanical sti ffness, lack of tissue-equivalence and toxicity. Semiconducting organic polymers represent an alternative and have been employed as di- rect photoconversion material in organic diodes. In contrast to inorganic detector materials, polymers allow low-cost and large area fabrication by sol- vent based methods. In addition their processing is compliant with fexible low-temperature substrates. Flexible and large-area detectors are needed for dosimetry in medical radiotherapy and security applications. The objective of my thesis is to achieve optimized organic polymer diodes for fexible, di- rect x-ray detectors. To this end polymer diodes based on two different semi- conducting polymers, polyvinylcarbazole (PVK) and poly(9,9-dioctyluorene) (PFO) have been fabricated. The diodes show state-of-the-art rectifying be- haviour and hole transport mobilities comparable to reference materials. In order to improve the X-ray stopping power, high-Z nanoparticle Bi2O3 or WO3 where added to realize a polymer-nanoparticle composite with opti- mized properities. X-ray detector characterization resulted in sensitivties of up to 14 uC/Gy/cm2 for PVK when diodes were operated in reverse. Addition of nanoparticles could further improve the performance and a maximum sensitivy of 19 uC/Gy/cm2 was obtained for the PFO diodes. Compared to the pure PFO diode this corresponds to a five-fold increase and thus highlights the potentiality of nanoparticles for polymer detector design. In- terestingly the pure polymer diodes showed an order of magnitude increase in sensitivity when operated in forward regime. The increase was attributed to a different detection mechanism based on the modulation of the diodes conductivity.

Airport Security: Passenger's Perception and Design Issues

The main goal of this thesis is to report patterns of perceived safety in the context of airport infrastructure, taking the airport of Bologna as reference. Many personal and environmental attributes are investigated to paint the profile of the sensitive passenger and to understand why precise factors of the transit environment are so impactful on the individual. The main analyses are based on a 2014-2015 passengers’ survey, involving almost six thousand of incoming and outgoing passengers. Other reports are used to implement and support the resource. The analysis is carried out by using a combination of Chi-square tests and binary logistic regressions. Findings shows that passengers result to be particularly affected by the perception of airport’s environment (e.g., state and maintenance of facilities, clarity and efficacy of information system, functionality of elevators and escalators), but also by the way how the passenger reaches the airport and the quality of security checks. In relation to such results, several suggestions are provided for the improvement of passenger satisfaction with safety. The attention is then focused on security checkpoints and related operations, described on a theoretical and technical ground. We present an example of how to realize a proper model of the security checks area of Bologna’s airport, with the aim to assess present performances of the system and consequences of potential variations. After a brief introduction to Arena, a widespread simulation software, the existing model is described, pointing out flaws and limitations. Such model is finally updated and changed in order to make it more reliable and more representative of the reality. Different scenarios are tested and results are compared using graphs and tables.

Analisi di aspetti di Security da attacchi informatici su Impianti di Processo

Gli impianti industriali moderni sono di tipo automatizzato, i processi sono cioè pilotati da un’unità di calcolo che fornisce i comandi necessari atti al corretto funzionamento dell’impianto. Queste tecnologie espongono le apparecchiature a problemi di Security, dunque attacchi volontari provenienti dall’esterno, al sistema di controllo. Esso può diventare la variabile manipolabile del terrorista informatico il quale può causare lo shut down del segnale o cambiare l’impostazione dei parametri di processo.Lo studio esposto si propone di identificare le possibili modalità di attacco e di individuare uno strumento sistematico che permetta di valutarne la vulnerabilità ad un possibile atto di sabotaggio. La procedura proposta è la PSC-SHaRP (Process System Cyber-Security Hazard Review Procedure) essa consta di due strutture chiamate rispettivamente Alpha e Beta. La metodologia è volta a individuare i potenziali pericoli posti dagli attacchi informatici piuttosto che a stimarne un profilo di rischio e/o probabilità di successo. La ShaRP Alpha, viene utilizzata per analizzare le conseguenze di deviazioni cyber su singole macchine presenti in impianto o sistemi modulari. La ShaRP Beta viene utilizzata per analizzare le conseguenze di attacchi cyber sul sistema costituito dall’impianto di processo. Essa è quindi in grado di analizzare le ripercussioni che manipolazioni su una o più apparecchiature possono avere sull’impianto nel suo complesso. Nell’ultima parte dell’elaborato sono state trattate le possibilità di accesso da parte del ‘’terrorista’’ al sistema di controllo e sicurezza, dunque i sistemi di gestione del DCS e del SIS e le barriere software e hardware che possono essere presenti.

Ray-tracing assessment of the robustness of Physical Layer Security key generation protocol

Nowadays, information security is a very important topic. In particular, wireless networks are experiencing an ongoing widespread diffusion, also thanks the increasing number of Internet Of Things devices, which generate and transmit a lot of data: protecting wireless communications is of fundamental importance, possibly through an easy but secure method. Physical Layer Security is an umbrella of techniques that leverages the characteristic of the wireless channel to generate security for the transmission. In particular, the Physical Layer based-Key generation aims at allowing two users to generate a random symmetric keys in an autonomous way, hence without the aid of a trusted third entity. Physical Layer based-Key generation relies on observations of the wireless channel, from which harvesting entropy: however, an attacker might possesses a channel simulator, for example a Ray Tracing simulator, to replicate the channel between the legitimate users, in order to guess the secret key and break the security of the communication. This thesis work is focused on the possibility to carry out a so called Ray Tracing attack: the method utilized for the assessment consist of a set of channel measurements, in different channel conditions, that are then compared with the simulated channel from the ray tracing, to compute the mutual information between the measurements and simulations. Furthermore, it is also presented the possibility of using the Ray Tracing as a tool to evaluate the impact of channel parameters (e.g. the bandwidth or the directivity of the antenna) on the Physical Layer based-Key generation. The measurements have been carried out at the Barkhausen Institut gGmbH in Dresden (GE), in the framework of the existing cooperation agreement between BI and the Dept. of Electrical, Electronics and Information Engineering "G. Marconi" (DEI) at the University of Bologna.

Machine learning "as a service" for high energy physics (MLaaS4HEP): evolution of a framework for ML-based physics analyses

The scientific success of the LHC experiments at CERN highly depends on the availability of computing resources which efficiently store, process, and analyse the amount of data collected every year. This is ensured by the Worldwide LHC Computing Grid infrastructure that connect computing centres distributed all over the world with high performance network. LHC has an ambitious experimental program for the coming years, which includes large investments and improvements both for the hardware of the detectors and for the software and computing systems, in order to deal with the huge increase in the event rate expected from the High Luminosity LHC (HL-LHC) phase and consequently with the huge amount of data that will be produced. Since few years the role of Artificial Intelligence has become relevant in the High Energy Physics (HEP) world. Machine Learning (ML) and Deep Learning algorithms have been successfully used in many areas of HEP, like online and offline reconstruction programs, detector simulation, object reconstruction, identification, Monte Carlo generation, and surely they will be crucial in the HL-LHC phase. This thesis aims at contributing to a CMS R&D project, regarding a ML "as a Service" solution for HEP needs (MLaaS4HEP). It consists in a data-service able to perform an entire ML pipeline (in terms of reading data, processing data, training ML models, serving predictions) in a completely model-agnostic fashion, directly using ROOT files of arbitrary size from local or distributed data sources. This framework has been updated adding new features in the data preprocessing phase, allowing more flexibility to the user. Since the MLaaS4HEP framework is experiment agnostic, the ATLAS Higgs Boson ML challenge has been chosen as physics use case, with the aim to test MLaaS4HEP and the contribution done with this work.

State of the art and future perspectives on security metrics and their applications

In modern society, security issues of IT Systems are intertwined with interdisciplinary aspects, from social life to sustainability, and threats endanger many aspects of every- one’s daily life. To address the problem, it’s important that the systems that we use guarantee a certain degree of security, but to achieve this, it is necessary to be able to give a measure to the amount of security. Measuring security is not an easy task, but many initiatives, including European regulations, want to make this possible. One method of measuring security is based on the use of security metrics: those are a way of assessing, from various aspects, vulnera- bilities, methods of defense, risks and impacts of successful attacks then also efficacy of reactions, giving precise results using mathematical and statistical techniques. I have done literature research to provide an overview on the meaning, the effects, the problems, the applications and the overall current situation over security metrics, with particular emphasis in giving practical examples. This thesis starts with a summary of the state of the art in the field of security met- rics and application examples to outline the gaps in current literature, the difficulties found in the change of application context, to then advance research questions aimed at fostering the discussion towards the definition of a more complete and applicable view of the subject. Finally, it stresses the lack of security metrics that consider interdisciplinary aspects, giving some potential starting point to develop security metrics that cover all as- pects involved, taking the field to a new level of formal soundness and practical usability.

SynBA: A contextualized Synonim-Based adversarial Attack for text classification

With the advent of high-performance computing devices, deep neural networks have gained a lot of popularity in solving many Natural Language Processing tasks. However, they are also vulnerable to adversarial attacks, which are able to modify the input text in order to mislead the target model. Adversarial attacks are a serious threat to the security of deep neural networks, and they can be used to craft adversarial examples that steer the model towards a wrong decision. In this dissertation, we propose SynBA, a novel contextualized synonym-based adversarial attack for text classification. SynBA is based on the idea of replacing words in the input text with their synonyms, which are selected according to the context of the sentence. We show that SynBA successfully generates adversarial examples that are able to fool the target model with a high success rate. We demonstrate three advantages of this proposed approach: (1) effective - it outperforms state-of-the-art attacks by semantic similarity and perturbation rate, (2) utility-preserving - it preserves semantic content, grammaticality, and correct types classified by humans, and (3) efficient - it performs attacks faster than other methods.

Design and Implementation of Single phase 230V to Three Phase Inverter Based on the Embedded System STM-32 Applied to motor control

In the field of Power Electronics, several types of motor control systems have been developed using STM microcontroller and power boards. In both industrial power applications and domestic appliances, power electronic inverters are widely used. Inverters are used to control the torque, speed, and position of the rotor in AC motor drives. An inverter delivers constant-voltage and constant-frequency power in uninterruptible power sources. Because inverter power supplies have a high-power consumption and low transfer efficiency rate, a three-phase sine wave AC power supply was created using the embedded system STM32, which has low power consumption and efficient speed. It has the capacity of output frequency of 50 Hz and the RMS of line voltage. STM32 embedded based Inverter is a power supply that integrates, reduced, and optimized the power electronics application that require hardware system, software, and application solution, including power architecture, techniques, and tools, approaches capable of performance on devices and equipment. Power inverters are currently used and implemented in green energy power system with low energy system such as sensors or microcontroller to perform the operating function of motors and pumps. STM based power inverter is efficient, less cost and reliable. My thesis work was based on STM motor drives and control system which can be implemented in a gas analyser for operating the pumps and motors. It has been widely applied in various engineering sectors due to its ability to respond to adverse structural changes and improved structural reliability. The present research was designed to use STM Inverter board on low power MCU such as NUCLEO with some practical examples such as Blinking LED, and PWM. Then we have implemented a three phase Inverter model with Steval-IPM08B board, which converter single phase 230V AC input to three phase 380 V AC output, the output will be useful for operating the induction motor.

Analysis on the implementation of V2X communications for PTWs

Inter-vehicular communications have been gaining momentum throughout the last years and they now occupy a prominent position among the objectives of car manufacturers. Motorcycle manufacturers want to keep pace with the 4 wheels world in order to make Powered Two-wheelers (PTW) integral part of the future connected mobility. The requirements for implementing inter-vehicular communication systems for motorcycles are the subjects of discussion in this thesis. The first purpose of this thesis is to introduce the reader to the world of vehicle-to-everything (V2X) communications, focusing on the Cooperative Intelligent Transport Systems (C-ITS) and the two main current technologies: ITS-G5, which is based on IEEE 802.11p, and cellular vehicle-to-everything (C-V2X). The evolution of these technologies will be also treated. Afterwards, the core of this work is presented: the analysis of the system architecture, including hardware, security, HMI, and peculiar challenges, for implementing V2X systems in motorcycles.