U N I V E R S I T À D I P I S A
DIPARTIMENTO DI INGEGNERIA DELL’INFORMAZIONE Dottorato di Ricerca in Ingegneria dell’Informazione
Activity Report by the Student Alessandro CANTELLI-FORTI 3rd year of the PhD Program, cycle XXXI
Tutors: Prof. Fabrizio BERIZZI, Prof. COLAJANNI, Dr. Amerigo CAPRIA 1. Research Activity
The research is in the system field of “Developing innovative cybersecurity techniques for the pro-tection of critical infrastructures”, where the methodologies for the propro-tection of critical infrastruc-tures must pursue various objectives in three main phases: Prevention, Detection, and Reaction. During three years, the research activities have covered the study, design and implementation of solutions for the Detection and Reaction phases with a special focus on Mitigation and Incident Management methodologies.
The Detection issues are addressed through novel anomaly detection solutions applied to an Intru-sion Detection Systems (IDS) supported by the Cybersens system described in [J3], [C3] and [C2]. As a personal contribution to the European SCOUT project, I studied the trade-offs related to the ap-plication of cybersecurity technologies in critical infrastructures and the limits induced by their in-tegration [O1-O5]. Among the proposed solutions, I was the responsible for the final inin-tegration and validation of the Cybersens and Recovey systems of the SCOUT project [O10-O16] that was selected by the European Commission Research and Development Information Service (CORDIS-EU) as a “promising project with a strong impact”.
Original solutions for the Mitigation phases are proposed and implemented as an innovative Hon-eyNet integrating a virtualized decoy-system [J3] and an accurate fingerprinting of the attackers [J4]. The idea is to force each attacker to interact with “his” synthetic system thus improving existing solutions that are based on stateless representations of the decoy-system. As a consequence, they suffer of two drawbacks: they are easily identified by expert attackers; they are unable to track progresses of specific intrusions carried out by the same attacker especially in large systems that support critical infrastructures. For these reasons, our approach proposes an innovative solution that enables a stateful honeypot to be able to recognize multiple intrusions of the same adversary and to redirect each of them to the same synthetic decoy-system left by the previous intrusion, including the installation of rootkits and backdoors, modifications of the file system, and so on. The research idea in [C1] achieves the further benefits of slowing down the opponent operations and fingerprinting his attack for subsequent enrichment of adversarial intelligence and attribution sys-tems.
Incident Management is one of the most important topic in critical infrastructure. The main re-search results in this field are focused on critical transport systems and published in papers, inter-national technical reports, surveys, and relevant juridical reports. As a further result, the research
activities evidence some serious structural problems in the state-of-the-art devices adopted for fo-rensics purposes [J1], [C2], [C7] and propose some solutions based on cybersecurity technologies [J1].
The Prevention objective has represented an important way to enter into the research field of crit-ical infrastructures through a critcrit-ical analysis of the state-of-the-art and the proposal of new models for the integration of existing technologies. Major research results are still to be achieved although we have tackled the problem of risk management under strong uncertainty conditions that are orig-inated by the vast and dispersed nature of critical infrastructure. Original contributions to the Radar research activities through the design and implementation of information assurance solutions are presented in [C5] and [C6].
The candidate has participated actively to the following international projects, and directed work package in SCOUT:
- X-WALD: “Avionic X-Band weather signal modelling and processing validation trough real data acquisition and analysis”, EU-FP7-JTI agreement no 619236, 2014-2016
- SCOUT: “Multitech Security System for interconnected space control ground station”, EU-FP7 agreement no 607019, 2014-2018
- AFSC-SSS-IA: “Implementation of Alliance Future Surveillance (AFSC) and Control Small Scale Studies (SSS) on Information Assurance (IA)”, agreement STO-OCS(2018)0073, 2018
The candidate was invited to present his research and technical results in the following international workshops:
• A. Cantelli Forti, “Ship’s digital evidences as an open format data logger of a network of sensors”, Lecture at the Electronic and Technical Evidence Seminar, 25-27 July 2017, Marine Accident In-vestigation Branch (UK Government Agency), Southampton
• A. Cantelli Forti: “Evidence recovery and analysis from the Costa Concordia’s digital data by means of forensic techniques: turn data into information”, guest speaker at European Maritime Safety Agency, EMSA Seminar on Voyage Data Recorders and Electronic Evidence at Cranfield University, January 2016
• A. Cantelli Forti: “The importance of Open Format for storing digital data asynchronously gener-ated from multiple sensors”, speaker at European Marine Accident Investigators’ International Forum EMAIIF, April 2016
2. Formation Activity
TOTAL COURSES/CREDITS FROM PhD START:
1. “Rapid prototyping for engineers” Dr. Carmelo De Maria, Centro Piaggio, University of Pisa (cred-its: 3)
2. “Spatial Multiagent Systems and Aggregate Computing: New Directions for Spatial Computing”, Prof. Omicini, University of Bologna (EXTERNAL - credits: 3)
3. “Electrochemical Energy Storage for Flexible Microelectronics. Principle and applications” Thierry Djenizian, Aix-Marseille Université (credits: 5)
4. “Energy, Thermal, and Thermoelectric Effects on Nanoscale Devices”, Prof. Eric Pop, Stanford University (credits: 4)
5. “Using e-infrastructures for Biodiversity Conservation", Gianpaolo Coro, ISTI - CNR (credits: 5) 6. “Introduction to Modelling & Simulation of Complex & Multi-disciplinary Dynamical Systems",
Luca Daniel, MIT – USA (credits: 5)
7. “Semiconductor trip: from a simple idea to a complex manufacturing”, different lecturers, ST Microelectronics, (credits: 6)
8. “Applications in Wearables”, Stefano Stanzone, Holst Centre / imec, Eindhoven, The Netherlands (credits: 5)
9. “From Malware to APT: Cyber threats evolution in last 30 years", Silvio Laporta, EMC Research Europe, Cork, Ireland (credits: 0)
10. “Passive Radar Technology”, NATO LECTURE SERIES SET-243, University of Pisa (credits: 3) Internal credits: 36 - External credits: 3 Total credits: 39
3. Publications (full list)
International Journals and Book Chapters
[J1] Cantelli-Forti, M. Colajanni, “Information security in critical transport systems: Case studies and lessons learned”, 28 Sept 2018, Journal of Cybersecurity
[J2] L. Fiorentini, L. Marmo and A. Cantelli-Forti, Book chapter “Fire on board of a ferryboat”, Book chapter in Principles of Forensic Engineering Applied to Industrial Accidents, pp. 280-296, ISBN: 978-1-118-96280-0, Wiley, Gen 2019
International Journals (submitted)
[J3] A. Capria, Cantelli-Forti et al., “SCOUT Multitech SeCurity system for intercOnnected space con-trol groUnd staTions: System Architecture and Experimental Results”, submitted to: International Journal of Critical Infrastructure Protection (IJCIP), Elsevier
International Conferences and workshops with peer review
[C1] A. Cantelli-Forti, M. Colajanni, “Adversarial Fingerprinting of Cyber Attacks based on Stateful Honeypots”, Proceedings of the 2018 International Conference on Computational Science and Com-putational Intelligence, IEEE Computer Society, 13 - 15 December 2018, Las Vegas, Nevada, USA [C2] A. Cantelli-Forti, “Forensic Analysis of Industrial Critical Systems: The Costa Concordia's Voyage Data Recorder Case”, Proc. of 2018 IEEE International Conference on Smart Computing (SMART-COMP), pp. 458-463, 18 – 20 June 2018
[C3] A. Cantelli-Forti, M. Nolich, “A novel cyber attack modeling and simulation framework for criti-cal infrastructure security analysis”, Proc. of SET-262 Specialists’ Meeting on Artificial Intelligence
for Military Multisensor Fusion Engines, Budapest, November 2018, Accepted: 28 August 2018
[C4] Callegari, C., Forti, A.C., D'Amore, G., De La Hoz, E., Echarri, D., García-Ferreira, I., López-Civera, G. “An architecture for securing communications in critical infrastructure”, Proc. of the 13th
[C5] Capria A., Moscardini C., Conti M., Cantelli Forti A., Berizzi F. and al, “Passive radar research activity at Lab RaSS-CNIT”, presented to IEEE South Australia Workshop on Passive Radar, Adelaide, Australia, 23-24 November, 2015.
[C6] A. Capria, D. Petri, C. Moscardini, M. Conti, A. Cantelli-Forti et al., "Software-defined Multiband Array Passive Radar (SMARP) demonstrator: A test and evaluation perspective", Proc. of OCEANS
2015, pp. 1-6, Genoa, 2015, 18-21 May 2015. National conference
[C7] B. Chiaia, R. Sicari, A.Cantelli-Forti et al., “Incendio della Motonave Norman Attlantic: Indagini Multidisciplinari in Incidente Probatorio”, IF CRASC Conference on Forensic Engineering, Politecnico di Milano, 14-16 Settembre 2017.
International Technical Reports
[O1] C. Callegari, M. Martorella. A. Cantelli-Forti et al., NATO STO TECHNICAL REPORT “SSS on Infor-mation Assurance (IA)”, August 2018
[O2] F. Berizzi, C. Callegari, A. Cantelli-Forti, et al., “CYBERSENS SUBSYSTEMS”, SCOUT Project tech-nical report, October 2017
[O3] F. Berizzi, A. Cantelli-Forti, C. Callegari et al., “Test Planning and Experimental Set-up”, SCOUT Project technical report, November 2017
[O4] F. Berizzi, A. Cantelli-Forti, C. Callegari et al., “SCOUT DEMONSTRATOR”, SCOUT Project tech-nical report, November 2017
[O5] F. Berizzi, A. Cantelli-Forti, C. Callegari et al., “Results on data analysis and system validation”, SCOUT Project technical report, April 2018
[O6] C. Callegari, A. Cantelli Forti, I. Marsá Maestre, G. López Civera, D. Echarri, I. García-Ferreira: “Preliminary Results on Cybersens Subsystem, final version”, SCOUT Project technical report, Octo-ber 2016
[O6] F.Berizzi et al.: “Demonstrator scenario, requirements and architecture”", SCOUT Project tech-nical report, October 2016
[O7] C. Callegari, A. Cantelli Forti, I. Marsá Maestre, G. López Civera, D. Echarri, I. García-Ferreira: “Preliminary Results on Cybersens Subsystem, final version”, SCOUT Project technical report, Octo-ber 2016
[O8] D. Adami et al.: “Operative and system requirements with scenario definition”, Multitech Se-Curity system for intercOnnected space control groUnd staTions (SCOUT) Project technical report, June 2016
[O9] M. Rosa Zurera et al.:“Risk analysis preliminary results”, SCOUT Project technical report, June 2016
[O10] D. Adami et al.: “SCOUT system architecture”, SCOUT Project technical report, June 2016 [O11] C. Callegari, A. Cantelli Forti, I. Marsá Maestre, G. López Civera, D. Echarri, I. García-Ferreira: “Preliminary Results on Cybersens Subsystem”, SCOUT Project technical report, June 2016
