List of publications

39 results found

2024 Conference proceedings paper restricted access

Characterizing Polkadot's Transactions Ecosystem: methodology, tools, and insights

The growth potential of a crypto project, typically sustained by an associated cryptocurrency, can be measured by the use cases spurred by the underlying technology. However, these projects are implemented through decentralized applications, with a weak (if any) feedback scheme. Hence, a metric that is widely used as a proxy for the healthiness of such projects is the number of transactions and related volumes. Nevertheless, such a metric can be subject to manipulation - the crypto market, being an unregulated one, magnifies such a risk. To address the cited gap, in this paper, we design a comprehensive methodology to process large cryptocurrency transaction graphs that, after clustering user addresses of interest, derives a compact representation of the network that highlights interactions among clusters. The analysis of these interactions provides insights into the strength of the project. To show the quality and viability of our solution, we bring forward a use case centered on Polkadot. The Polkadot network, a cutting-edge cryptocurrency platform, has gained significant attention in the digital currency landscape due to its pioneering approach to interoperability and scalability. However, little is known about how many and to what extent its wide range of enabled use cases have been adopted by end-users so far. The answer to this type of question means mapping Polkadot (or any analyzed crypto project) on a palette that ranges from a thriving ecosystem to a speculative coin without compelling use cases. Our findings, rooted in extensive experimental results (we have parsed 12.5+ million blocks), demonstrate that crypto exchanges exert considerable influence on the Polkadot network, owning nearly 40% of all addresses in the ledger and absorbing at least 80% of all transactions. In addition, the high volume of inter-exchange transactions (more than 20%) underscores the strong interconnections among just a couple of prominent exchanges, prompting further investigations into the behavior of these actors to uncover potential unethical activities, such as wash trading. These results are a testament to the quality and viability of the proposed solution that, while characterized by a high level of scalability and adaptability, is at the same time immune from the drawbacks of currently used metrics.

Blockchain Technology, Centralized Exchanges, Cryptocurrencies, Decentralized Applications, Graph Contraction, Network Analyses, Polkadot
2024 Journal article open access

A methodological approach to securing cyber-physical systems for critical infrastructures

Calabro' A. ; Cambiaso E. ; Cheminod M. ; Cibrario Bertolotti I. ; Durante L. ; Forestiero A. ; Lombardi F. ; Manco G. ; Marchetti E. ; Orlando A. ; Papuzzo G.

Modern ICT infrastructures, i.e., cyber-physical systems and critical infrastructures relying on interconnected IT (Information Technology)- and OT (Operational Technology)-based components and (sub-)systems, raise complex challenges in tackling security and safety issues. Nowadays, many security controls and mechanisms have been made available and exploitable to solve specific security needs, but, when dealing with very complex and multifaceted heterogeneous systems, a methodology is needed on top of the selection of each security control that will allow the designer/maintainer to drive her/his choices to build and keep the system secure as a whole, leaving the choice of the security controls to the last step of the system design/development. This paper aims at providing a comprehensive methodological approach to design and preliminarily implement an Open Platform Architecture (OPA) to secure the cyber-physical systems of critical infrastructures. Here, the Open Platform Architecture (OPA) depicts how an already existing or under-design target system (TS) can be equipped with technologies that are modern or currently under development, to monitor and timely detect possibly dangerous situations and to react in an automatic way by putting in place suitable countermeasures. A multifaceted use case (UC) that is able to show the OPA, starting from the security and safety requirements to the fully designed system, will be developed step by step to show the feasibility and the effectiveness of the proposed methodology.

Cybersecurity Monitoring Firewalling Rule distribution Slow DoS attack Denial of service Industrial security Critical infrastructure protection Security investments
2023 metadata only access

LENTO: Unpredictable Latency-based continuous authEntication for Network inTensive IoT envirOnments

Mohammed AlSadi ; Roberto Di Pietro ; Flavio Lombardi ; Matteo Signorini

Started as a hyped technology a few years ago, IoT is now a reality providing sensing and computing capabilities from SCADA systems to households. At their core, IoT devices connect to the outside world to share sensed or computed data. However, the sensitivity and privacy of shared data has made access management a stringent need also for the IoT. In particular, continuous authentication could solve a few security issues, like session hijacking, via checking device legitimacy for each exchanged message and preventing attackers from pretending their actions came from authenticated devices. To date, device-to-device (D2D) continuous authentication still relies on tokens/certificates or devices' fingerprints such as battery levels or location. The cited solutions, while not always implementable on resource-constrained devices, provide low entropy, thus sporting a non-negligible probability of being guessable during impersonation attacks. In this paper, we overcome the above limitations with LENTO: unpredictable Latency-based continuous authEntication for Network inTensive IoT envirOnments. In addition to a thorough analysis, we also offer experimental validation of our proposal. We have deployed LENTO as an additional authentication module of the well-known NextCloud platform, and we have performed an extensive experimental campaign. Collected results confirm our working hypothesis. Network delays can be exploited as random seeds in continuous authentication protocols as they provide as much entropy as standard approaches. To the best of our knowledge, our approach is the first continuous authentication protocol relying purely on the network characteristics, regardless of the underneath computing base trustworthiness. Given the minimal overhead introduced by our solution, it provides continuous authentication even for those devices that cannot afford to run (de facto) standard protocols. As such, LENTO could be retrofitted, offering enhanced security to a plethora of nowadays unsecured devices.

Continuous authentication Internet of Things (IoT) Security Latency Cloud Network
2023 Journal article open access

A technical characterization of APTs by leveraging public resources

González-Manzano, Lorena ; de Fuentes, José M. ; Lombardi, Flavio ; Ramos, Cristina

Advanced persistent threats (APTs) have rocketed over the last years. Unfortunately, their technical characterization is incomplete--it is still unclear if they are advanced usages of regular malware or a different form of malware. This is key to developing an effective cyberdefense. To address this issue, in this paper we analyze the techniques and tactics at stake for both regular and APT-linked malware. To enable reproducibility, our approach leverages only publicly available datasets and analysis tools. Our study involves 11,651 regular malware and 4686 APT-linked ones. Results show that both sets are not only statistically different, but can be automatically classified with F1 > 0.8 in most cases. Indeed, 8 tactics reach F1 > 0.9. Beyond the differences in techniques and tactics, our analysis shows that actors behind APTs exhibit higher technical competence than those from non-APT malware.

Advanced persistent threat; APTs; Malware; MITRE ATT&CK
2023 Journal article open access

Segment Routing v6 - Security Issues and Experimental Results

David Lo Bascio ; Flavio Lombardi

SRv6 can provide hybrid cooperation between a centralized network controller and network nodes. IPv6 routers maintain multi-hop ECMP-aware segments, whereas the controller establishes a source-routed path through the network. Since the state of the flow is defined at the ingress to the network and then is contained in a specific packet header, called Segment Routing Header (SRH), the importance of such a header itself is vital. Motivated by the need to study and investigate this technology, this paper discusses some security-related issues of Segment Routing. An SRv6-capable experimental testbed is built and detailed. Finally, an experimental test campaign is performed and results are evaluated and discussed.

Segment Routing Networking Security
2022 metadata only access

AI-enabled bot and social media: A survey of tools, techniques, and platforms for the arms race

Lombardi Flavio ; Caprolu Maurantonio ; Di Pietro Roberto

AI social bot
2022 Conference proceedings paper open access

Graph Contraction on Attribute-Based Coloring

Graph structures are nowadays pervasive in Big Data. It is often useful to regroup such data in clusters, according to distinctive node features, and use a representative element for each cluster. In many real-world cases, clusters can be identified by a set of connected vertices that share the result of some categorical function, i.e. a mapping of the vertices into some categorical representation that takes values in a finite set C. As an example, we can identify contiguous terrains with the same discrete property on a geographical map, leveraging Space Syntax. In this case, thematic areas within cities are labelled with different colors and color zones are analysed by means of their structure and their mutual interactions. Contracted graphs can help identify issues and characteristics of the original structures that were not visible before. This paper introduces and discusses the problem of contracting possibly large colored graphs into much smaller representatives. It also provides a novel serial but parallelizable algorithm to tackle this task. Some initial performance plots are given and discussed together with hints for future development.

Graph Contraction Clustering Contraction/Analysis Divide-et-impera Graph Analysis
2022 Conference proceedings paper restricted access

DruSiLa: an integrated, in-silico disease similarity-based approach for drug repurposing

The importance of faster drug development has never been more evident than in the present time, when the whole world is struggling to cope with the COVID-19 pandemic. At times when timely development of effective drugs and treatment plans could potentially save millions of lives, drug repurposing is one area of medicine that has garnered much research interest. Apart from experimental drug repurposing studies that happen within wet labs, many new quantitative methods have been proposed in the literature. In this paper, one such quantitative method for drug repurposing is implemented and evaluated. DruSiLa (DRUg in-SIlico LAboratory) is an in-silico drug repurposing method that leverages disease similarity measures to quantitatively rank existing drugs for their potential therapeutic efficacy against novel diseases. The proposed method makes use of available, manually curated, and open datasets on diseases, their genetic origins, and disease-related patho-phenotypes. DruSiLa evaluates pairwise disease similarity scores of any given target disease to each known disease in our dataset. Such similarity scores are then propagated through disease-drug associations, and aggregated at drug nodes to rank them for their predicted effectiveness against the target disease.

drug repurposing network medicine bioinformatics
2022 Journal article open access

Le diverse declinazioni della matematica per lo sviluppo dell'intelligenza artificiale nei seminari "AIM - Fundamentals and beyond".

Between November 2020 and June 2021, the Istituto per le Applicazioni del Calcolo "Mauro Picone" (IAC) held a cycle of seminars devoted to the relationship between Artificial Intelligence and Mathematics, named AIM - Artificial Intelligence and Mathematics - Fundamentals and beyond. This work seeks to systematize the various contributions that emerged during the seminar cycle by building a conceptual map that, starting from the collaborations already in place and through an ontological analysis of the keywords of each seminar, highlights the possible areas of contact among the research activities presented and the areas potentially not yet covered. This will not only make it possible to plan a second cycle of seminars, but will also offer researchers useful food for thought on future synergies that could potentially be realized. In addition, starting from the analysis of the insight data of the live streams from the IAC YouTube channel, cross-referenced with the Analytics data of the social channels on which the various events of the seminar cycle were promoted, we will try to draw some conclusions on the possibilities of disseminating scientific initiatives through social networks, highlighting their advantages and limits. Finally, a reflection will be promoted on the possible future use of online platforms for seminar activities, even when the pandemic emergency is finally fully over.

Mathematics Artificial Intelligence Communication Social Networks
2022 Journal article open access

Onion under Microscope: An in-depth analysis of the Tor Web

Tor is an open source software that allows accessing various kinds of resources, known as hidden services, while guaranteeing sender and receiver anonymity. Tor relies on a free, worldwide, overlay network, managed by volunteers, that works according to the principles of onion routing in which messages are encapsulated in layers of encryption, analogous to layers of an onion. The Tor Web is the set of web resources that exist on the Tor network, and Tor websites are part of the so-called dark web. Recent research works have evaluated Tor security, its evolution over time, and its thematic organization. Nevertheless, limited information is available about the structure of the graph defined by the network of Tor websites, not to be mistaken with the network of nodes that supports the onion routing. The limited number of entry points that can be used to crawl the network, makes the study of this graph far from being simple. In the present paper we analyze two graph representations of the Tor Web and the relationship between contents and structural features, considering three crawling datasets collected over a five-month time frame. Among other findings, we show that Tor consists of a tiny strongly connected component, in which link directories play a central role, and of a multitude of services that can (only) be reached from there. From this viewpoint, the graph appears inefficient. Nevertheless, if we only consider mutual connections, a more efficient subgraph emerges, that is, probably, the backbone of social interactions in Tor.

Tor Web graph Dark web Complex networks
2022 Technical report open access

I seminari scientifici online e la loro promozione attraverso i social network. Il caso del ciclo di seminari AIM - Artificial Intelligence and Mathematics dell'Istituto per le Applicazioni del Calcolo "Mauro Picone" del CNR

At the conclusion of the first cycle of AIM - Artificial Intelligence and Mathematics seminars, held in 2021 entirely via streaming because of the pandemic emergency, this technical report examines the overall effectiveness of online scientific seminars. Through the presentation of a short survey among IAC researchers and an analysis of the literature on the subject, the report considers prospects, advantages and disadvantages, for the research community, of using the remote format to organize workshops. Then, starting from the performance of the various seminars in terms of audience, it analyzes how the individual days of the AIM seminar cycle were communicated and promoted, in order to understand whether there is a connection between the number of viewers (live and on demand) and their promotion on the institute's social channels: Facebook, Twitter and Instagram.

Artificial Intelligence Social networks Seminars
2022 Journal article open access

Some Results on Colored Network Contraction

Networks are pervasive in computer science and in real world applications. It is often useful to leverage distinctive node features to regroup such data in clusters, by making use of a single representative node per cluster. Such contracted graphs can help identify features of the original networks that were not visible before. As an example, we can identify contiguous nodes having the same discrete property in a social network. Contracting a graph allows a more scalable analysis of the interactions and structure of the network nodes. This paper delves into the problem of contracting possibly large colored networks into smaller and more easily manageable representatives. It also describes a simple but effective algorithm to perform this task. Extended performance plots are given for a range of graphs and results are detailed and discussed with the aim of providing useful use cases and application scenarios for the approach.

Colored Networks Graph Contraction Greedy Algorithm Graph Analysis
2021 Presentation / Unpublished communication (conference, event, webinar...) metadata only access

Cyber risk management: technical and economic factors

The Internet evolution is one of the greatest innovations of the twentieth century and has changed the lives of individuals and business organizations. On the other hand, potential attacks on information systems and an eventual crash may cause heavy losses of data, services and business operation. Executives and security professionals are accepting that it is not a matter of if but a matter of when their organization will be hit by a cyber-attack. As a consequence, cyber risk is a fast-growing area of concern. Companies have to include cyber risk in their risk management framework, depicting their risk profile, assessing their risk appetite and looking for corresponding risk transfer solutions. Measures and methods used in the financial sector to quantify risk have recently been applied to the cyber world. The aim is to help organizations to improve risk management strategies and to make better decisions about investments in cyber security. On the other hand, they are useful instruments for insurance companies in pricing cyber insurance contracts and setting the minimum capital requirements defined by the regulators. The aim of this contribution is to offer a review of the recent literature on cyber risk management, deepening economic issues and their interplay with technical ones, from both internal (organization) and external (systemic) perspectives.

Cyber risk management Economic issues cyber attacks
2020 Book contribution (chapter or essay) metadata only access

Technology for Trusted Cloud Security: Survey and Open Issues

Considerations and analysis of trusted computing in the Cloud. Trusted execution technology is increasingly successful in heterogeneous fields aiming at securing the execution of code and access control to premium content, though some criticalities associated with such technologies start becoming apparent. Among other stakeholders, the Cloud Security Alliance, whose mission is to promote the use of best practices for providing security assurance within cloud computing, offers cloud providers and clients security models and tools that ease security management. This chapter highlights promising technology such as containers and their security aspects. It surveys trusted computing technologies, highlighting the pros and cons of established technologies and novel approaches, as well as the security issues that such approaches introduce ex novo or simply exacerbate. The chapter surveys some relevant, trusted computing environment solutions, such as SGX and containers. It shows how the cloud can make use of the analyzed trusted execution technology to help secure the execution of code and protect access to data.

Trusted Cloud
2019 Journal article metadata only access

Kite attack: reshaping the cube attack for a flexible GPU-based maxterm search

Dinur and Shamir's cube attack has attracted significant attention in the literature. Nevertheless, the lack of implementations achieving effective results casts doubts on its practical relevance. On the theoretical side, promising results have been recently achieved leveraging on division trails. The present paper follows a more practical approach and aims at giving new impetus to this line of research by means of a cipher-independent flexible framework that is able to carry out the cube attack on GPU/CPU clusters. We address all issues posed by a GPU implementation, providing evidence in support of parallel variants of the attack and identifying viable directions for solving open problems in the future. We report the results of running our GPU-based cube attack against round-reduced versions of three well-known ciphers: Trivium, Grain-128 and SNOW 3G. Our attack against Trivium improves the state of the art, permitting full key recovery for Trivium reduced to (up to) 781 initialization rounds (out of 1152) and finding the first-ever maxterm after 800 rounds. In this paper, we also present the first standard cube attack (i.e., neither dynamic nor tester) to yield maxterms for Grain-128 up to 160 initialization rounds on non-programmable hardware. We include a thorough evaluation of the impact of system parameters and GPU architecture on the performance. Moreover, we demonstrate the scalability of our solution on multi-GPU systems. We believe that our extensive set of results can be useful for the cryptographic engineering community at large and can pave the way to further results in the area.

Cube attack Algebraic attacks Graphics processing unit
2019 Conference proceedings paper metadata only access

Edge Computing Perspectives: Architectures, Technologies, and Open Security Issues

M Caprolu ; R Di Pietro ; F Lombardi ; S Raponi

Edge and Fog Computing will be increasingly pervasive in the years to come due to the benefits they bring in many specific use-case scenarios over traditional Cloud Computing. Nevertheless, the security concerns Fog and Edge Computing bring in have not been fully considered and addressed so far, especially when considering the underlying technologies (e.g. virtualization) instrumental to reap the benefits of the adoption of the Edge paradigm. In particular, these virtualization technologies (i.e. Containers, Real Time Operating Systems, and Unikernels) are far from being adequately resilient and secure. Aiming at shedding some light on current technology limitations, and providing hints on future research security issues and technology development, in this paper we introduce the main technologies supporting the Edge paradigm, survey existing issues, introduce relevant scenarios, and discuss benefits and caveats of the different existing solutions in the above introduced scenarios. Finally, we provide a discussion on the current security issues in the introduced context, and strive to outline future research directions in both security and technology development in a number of Edge/Fog scenarios.

cloud computing security
2019 Conference proceedings paper open access

Spiders like Onions: on the Network of Tor Hidden Services

Tor hidden services allow offering and accessing various Internet resources while guaranteeing a high degree of provider and user anonymity. So far, most research work on the Tor network aimed at discovering protocol vulnerabilities to de-anonymize users and services. Other work aimed at estimating the number of available hidden services and classifying them. Something that still remains largely unknown is the structure of the graph defined by the network of Tor services. In this paper, we describe the topology of the Tor graph (aggregated at the hidden service level) measuring both global and local properties by means of well-known metrics. We consider three different snapshots obtained by extensively crawling Tor three times over a 5-month time frame. We separately study these three graphs and their shared "stable" core. In doing so, other than assessing the renowned volatility of Tor hidden services, we make it possible to distinguish time dependent and structural aspects of the Tor graph. Our findings show that, among other things, the graph of Tor hidden services presents some of the characteristics of social and surface web graphs, along with a few unique peculiarities, such as a very high percentage of nodes having no outbound links.

Web Graph Tor Complex Networks Dark Web
2019 Presentation / Unpublished communication (conference, event, webinar...) metadata only access

Analysing the Tor Web with High Performance Graph Algorithms

Bernaschi, Massimo ; Celestini, Alessandro ; Guarino, Stefano ; Lombardi, Flavio ; Mastrostefano, Enrico

The exploration and analysis of Web graphs has flourished in the recent past, producing a large number of relevant and interesting research results. However, the unique characteristics of the Tor network demand specific algorithms to explore and analyze it. Tor is an anonymity network that allows offering and accessing various Internet resources while guaranteeing a high degree of provider and user anonymity. So far the attention of the research community has focused on assessing the security of the Tor infrastructure. Most research work on the Tor network aimed at discovering protocol vulnerabilities to de-anonymize users and services, while little or no information is available about the topology of the Tor Web graph or the relationship between pages' content and topological structure. With our work we aim at addressing such lack of information. We describe the topology of the Tor Web graph measuring both global and local properties by means of well-known metrics that require, due to the size of the network, high performance algorithms. We consider three different snapshots obtained by extensively crawling Tor three times over a 5-month time frame. Finally we present a correlation analysis of pages' semantics and topology, discussing novel insights about the Tor Web organization and its content. Our findings show that the Tor graph presents some of the characteristics of social and surface web graphs, along with a few unique peculiarities.

Tor Graph Analysis HPC
2018 Book contribution (chapter or essay) metadata only access

Virtualization Technologies and Cloud Security: Advantages, Issues, and Perspectives

An overview of recent Virtualization Technologies impact on Cloud Security, including Advantages, Issues, and Perspectives

security cloud virtualization
2018 Conference proceedings paper metadata only access

Traffic Data Classification for Police Activity

Guarino, Stefano ; Leuzzi, Fabio ; Lombardi, Flavio ; Mastrostefano, Enrico

Traffic data, automatically collected en masse every day, can be mined to discover information or patterns to support police investigations. Leveraging domain expertise, in this paper we show how unsupervised clustering techniques can be used to infer trending behaviors for road-users and thus classify both routes and vehicles. We describe a tool devised and implemented upon openly-available scientific libraries and we present a new set of experiments involving three years' worth of data. Our classification results show robustness to noise and have high potential for detecting anomalies possibly connected to criminal activity.

traffic analysis