Publications & Demonstrators

All accepted publications from SPARTA partners under its funding as well as videos presenting some of the work done under SPARTA

Publications

OutGene: Detecting Undefined Network Attacks with Time Stretching and Genetic Zooms

Luís Dias, Hélder Reia, Rui Neves and Miguel Correia

The paper presents OutGene, an approach for streaming detection of malicious activity without previous knowledge about attacks or training data. OutGene uses clustering to aggregate hosts with similar behavior. To assist human analysts on pinpointing malicious clusters, we introduce the notion of genetic zoom, that consists in using a genetic...More>>

Domains:

A Privacy-Enhancing Framework for Internet of Things Services

Lukas Malina, Gautam Srivastava, Petr Dzurenda, Jan Hajny and Sara Ricci

The world has seen an influx of connected devices through both smart devices and smart cities, paving the path forward for the Internet of Things (IoT). These emerging intelligent infrastructures and applications based on IoT can be beneficial to users only if essential private and secure features are assured. However,...More>>

Domains: privacy, iot

Discontinued Privacy: Personal Data Leaks in Apple Bluetooth-Low-Energy Continuity Protocols

Guillaume Celosia, Mathieu Cunche

Apple Continuity protocols are the underlying network component of Apple Continuity services which allow seamless nearby applications such as activity and file transfer, device pairing and sharing a network connection. Those protocols rely on Bluetooth Low Energy (BLE) to exchange information between devices: Apple Continuity messages are embedded in the...More>>

Domains:

Towards Formal Methods of IoT Application Layer Protocols

Katharina Hofer-Schmitz; Branka Stojanović

This paper provides an overview of the application of formal methods for two most commonly used application layer protocols in IoT domain, MQTT and CoAP. Formal methods give the possibility to improve security and are even able to provide security guarantees with respect to a given model. Our research shows,...More>>

Domains: formal, verification, Internet, of, Things, security, data

Experimental analysis of the laser-induced instruction skip fault model

Jean-Max Dutertre, Timothe ́ Riom, Olivier Potin, and Jean-Baptiste Rigaud

Microcontrollers storing valuable data or using security functions are vulnerable to fault injection attacks. Among the various types of faults, instruction skips induced at runtime proved to be effective against identification routines or encryption algorithms. Several research works assessed a fault model that consists in a single instruction skip, i.e....More>>

Domains:

Saving Private Addresses: An Analysis of Privacy Issues in the Bluetooth-Low-Energy Advertising Mechanism

Guillaume Celosia, Mathieu Cunche

The Bluetooth Low Energy (BLE) protocol is being included in a growing number of connected objects such as fitness trackers and headphones. As part of the service discovery mechanism of BLE, devices announce themselves by broadcasting radio signals called advertisement packets that can be collected with off-the-shelf hardware and software....More>>

Domains: Bluetooth, Low, Energy;, Privacy;, Tracking;, Address, randomization.

Fingerprinting Bluetooth-Low-Energy Devices Based on the Generic Attribute Profile

Guillaume Celosia, Mathieu Cunche

Bluetooth Low Energy (BLE) is a short range wireless technology included in many consumer devices such as smartphones, earphones and wristbands. As part of the Attribute (ATT) protocol, discover- able BLE devices expose a data structure called Generic Attribute (GATT) profile that describes supported features using concepts of services and...More>>

Domains:

Automated Security Analysis of IoT Software Updates

Nicolas Dejon, Davide Caputo, Luca Verderame, Alessandro Armando and Alessio Merlo

IoT devices often operate unsupervised in ever-changing environments for several years. Therefore, they need to be updated on a regular basis. Current approaches for software updates on IoT, like the recent SUIT proposal, focus on granting integrity and confidentiality but do not analyze the content of the software update, especially...More>>

Domains: IoT

TSNSCHED: Automated Schedule Generation for Time Sensitive Networking

Aellison Cassimiro T. dos Santos, Ben Schneider and Vivek Nigam

Time Sensitive Networking (TSN) is a set of standards enabling high performance deterministic communication using different scheduling mechanisms. Due to the size of industrial networks, configuring TSN networks is challenging to be done manually. We present TSNsched, a tool for automatic generation of schedules for TSN. TSNsched takes as input...More>>

Domains: