Analysis and partial solutions of security problems in automotive environments

Questo scritto mira a fare una panoramica dei problemi legati alla sicurezza della comunicazione tra componenti interne dei veicoli e delle soluzioni oggigiorno disponibili. Partendo con una descrizione generale del circuito interno dell’auto analizzeremo i suoi punti di accesso e discuteremo i danni prodotti dalla sua manomissione illecita. In seguito vedremo se ´è possibile prevenire tali attacchi dando un’occhiata alle soluzioni disponibili e soffermandoci in particolare sui moduli crittografici e le loro applicazioni. Infine presenteremo l’implementazione pratica di un protocollo di autenticazione tra ECUs e una dimostrazione matematica della sua sicurezza.

The secret life of software applications

One of the most undervalued problems by smartphone users is the security of data on their mobile devices. Today smartphones and tablets are used to send messages and photos and especially to stay connected with social networks, forums and other platforms. These devices contain a lot of private information like passwords, phone numbers, private photos, emails, etc. and an attacker may choose to steal or destroy this information. The main topic of this thesis is the security of the applications present on the most popular stores (App Store for iOS and Play Store for Android) and of their mechanisms for the management of security. The analysis is focused on how the architecture of the two systems protects users from threats and highlights the real presence of malware and spyware in their respective application stores. The work described in subsequent chapters explains the study of the behavior of 50 Android applications and 50 iOS applications performed using network analysis software. Furthermore, this thesis presents some statistics about malware and spyware present on the respective stores and the permissions they require. At the end the reader will be able to understand how to recognize malicious applications and which of the two systems is more suitable for him. This is how this thesis is structured. The first chapter introduces the security mechanisms of the Android and iOS platform architectures and the security mechanisms of their respective application stores. The Second chapter explains the work done, what, why and how we have chosen the tools needed to complete our analysis. The third chapter discusses about the execution of tests, the protocol followed and the approach to assess the “level of danger” of each application that has been checked. The fourth chapter explains the results of the tests and introduces some statistics on the presence of malicious applications on Play Store and App Store. The fifth chapter is devoted to the study of the users, what they think about and how they might avoid malicious applications. The sixth chapter seeks to establish, following our methodology, what application store is safer. In the end, the seventh chapter concludes the thesis.

Airport Security: Passenger's Perception and Design Issues

The main goal of this thesis is to report patterns of perceived safety in the context of airport infrastructure, taking the airport of Bologna as reference. Many personal and environmental attributes are investigated to paint the profile of the sensitive passenger and to understand why precise factors of the transit environment are so impactful on the individual. The main analyses are based on a 2014-2015 passengers’ survey, involving almost six thousand of incoming and outgoing passengers. Other reports are used to implement and support the resource. The analysis is carried out by using a combination of Chi-square tests and binary logistic regressions. Findings shows that passengers result to be particularly affected by the perception of airport’s environment (e.g., state and maintenance of facilities, clarity and efficacy of information system, functionality of elevators and escalators), but also by the way how the passenger reaches the airport and the quality of security checks. In relation to such results, several suggestions are provided for the improvement of passenger satisfaction with safety. The attention is then focused on security checkpoints and related operations, described on a theoretical and technical ground. We present an example of how to realize a proper model of the security checks area of Bologna’s airport, with the aim to assess present performances of the system and consequences of potential variations. After a brief introduction to Arena, a widespread simulation software, the existing model is described, pointing out flaws and limitations. Such model is finally updated and changed in order to make it more reliable and more representative of the reality. Different scenarios are tested and results are compared using graphs and tables.