Automotive Cyber-Security

My research interest on cyber-security automotive focuses on the CAN-bus protocol and, in particular, the security property such as Confidentiality, Integrity and Authentication. Android-based radio system is also part of my research activity in automotive. In particular, we exploit Android Radio to remotely access the car and read data coming from car's sensors. These involve the parking-camera, the internal microphone, GPS, and other CAN-bus information, like engine RMP, fuel, brakes and others.

See the page publication page for more info

See the video (italian version) of our attack on Android In-Vehicle Infotainment (IVI) system presented during the CyberSecurity Lab at Pisa (16th of November).

Same video at the Cnr WebTV La tua auto ti spia

In the following, some italian online newspaper talking about our research on automotive on December 2017.

Pisa Today Pisa Informa Flash Virgilio Qui news Pisa Corriere Adriadico - Motori Ufficio Stampa Cnr Il Messaggero il Mattino Quotidiano di Puglia Kia Club
The Tirreno newspaper publicated on January 2018 the article on our research and also CNR official Webpage reported the artcile of our research.

Opportunist Networks

Opportunist Networks are composed of sparsely deployed portable devices, where direct communication opportunities among users are exploited to spread information within the network. However, sharing of messages is implicitly based on a fully trusted network model, according to which each user in the network, even if stranger, can be completely trusted. Experience taught us that unfortunately this assumption does not hold in real world, where malicious user behaviour emerges even in relatively small size network.

In my joint work with other two colleague at the CNR, we introduced the concept of the Interest-cast primitive, according to a message is delivered to all users sharing the same interest of the sender, in a privacy-preserving manner, i.e., disclosing basically zero information about user interests against an Honest-but curios attacker model. The key mechanism proposed in our work is the porting of the Secure-two party computation Fairplay framework to Android Smartphones to implement the Interest-cast primitive. It allows two users to discover whether they have simular interests without disclosing their private degree of interest. On github you can find the source code of the MobileFairPlay project with the implementation of the Interest-Cast protocol. Read more

In 2014, we have also introduced the Mobility-cast primitive in the opportunist context. Here, people create new social ties based on their mobility patterns. We conducted simulations based on real human trajectories collected in Beijing in 2008, and we studied our primitive in terms of Privacy, Coverage, Precision and Cost. In particular, 1 privacy has been achieved by developing a prototype APP that uses our Fairplay porting, and compares the most frequent positions of users by preserving their mobility trajectories. Read more

Social Network Privacy

Social Networks like Facebook or Instagram stores private users contents, such as photos or videos, in a Content Delivery Network, and when authorised users’ want to access data, their browser is redirect to the CDN storage. A malicious person, who have access to the image, can take the link of the picture store in the CDN, and share with anyone in the world, even if they do not have a Facebook account1. This action can be performed since there is not an access control system that prevents the access to the images from not authorised people.Read more

Smart Meter Project

In this reseach activity. I show how to turn a traditional energy meter into a Smart Meter using a Raspberry Pi and a Envir Current Cost. With my Smart Meter you can save your energy consumes in a DataBase and read your consume remotely using any devices connected to the Internet. Here a youtube video (Only italian audio) and Read more on this paper

Download the Energy-Consumption trace of two months.


Phook is a web-application that I developed with my colleague Dr. Daniele Sgandurra aimed at providing the first search engine for photos on Social Networks. Phook can search across two Social Networks, such as Facebook and Instagram. With Phook, we developed an algorithm able to collect 150.000 per minute of links of private users’ photo.

Phook has more than 3000 registered users and about 500.000.000 of links to private users’ photo. Phook got several articles in the Italian national press: and also it was presented in the show Pixel on RAI3. which is one of the most popular italian TV channel.

Visit Phook WebSite

Composite Services

Over the last ten years, people become more and more familiar with online shopping. However, these actions present some differences compared to the traditional way of buying goods in a physical store: In fact, online shops do not give the possibility to touch and see a product that the customer is willing to buy. Moreover, a buyer does not know a-priori the trustworthiness of the Vendor, unless reputation system or other techniques are adopted.

In the context of online services, I have focused my research on composition of online service providers.

This kind of scenario is built by considering customers who look for a single package that is composed by different services. For instance, a customer books her holiday and would get all-in a single package, e.g. flight, hotel and transportation. It is clear that who pays for getting a service would not have bad experiences, and hence a customer searches for providers with a good level of trustworthiness. To help a customer not making a wrong decision, we proposed a mechanism to choose a package according to the customer preferences with respect to the providers trustworthiness. Thus, we decided to consider the reputation of a single provider depending on other sub-services. Thus, we analysed the working model of the popular website, and we noticed that they used one single value of reputation, which is calculated considering different sub-services, such as cleanness, staff friendliness and others. In particular, considers that the reputation value is calculated as the average of the value of each sub-services. In this scenario, our contribution was to propose a solution that weights each sub-service according to users’ preferences. In particular, we adopted the he Analytic Hierarchy Process (AHP) to weigh each sub-service with different degree of relevance.