Journal Articles

  • F. Righetti, C. Vallati, M. Tiloca and G. Anastasi, “Vulnerabilities of the 6P Protocol for the Industrial Internet of Things: Impact Analysis and Mitigation”, Computer Communications, Elsevier, 2022. (To appear)

  • M. Gunnarsson, K. M. Malarski, R. Höglund and M. Tiloca, “Performance Evaluation of Group OSCORE for Secure Group Communication in the Internet of Things”, ACM Transactions on Internet of Things, Vol.3, Issue 3, Article No. 19, pp 1-31, ACM, 2022. Online: https://dl.acm.org/doi/pdf/10.1145/3523064

  • M. Gunnarsson, J. Brorsson, F. Palombini, L. Seitz and M. Tiloca, “Evaluating the Performance of the OSCORE Security Protocol in Constrained IoT Environments”, Internet of Things; Engineering Cyber Physical Human Systems, Vol. 13, Elsevier, 2021. Online: https://www.sciencedirect.com/science/article/pii/S2542660520301645

  • M. Tiloca, G. Dini, K. Rizki and S. Raza, “Group rekeying based on member join history”, International Journal of Information Security, Vol. 19, pp 343-381, Springer, 2020. Online: https://link.springer.com/article/10.1007/s10207-019-00451-0


Conference Papers

  • L. Seitz, M. Tiloca, M. Gunnarsson and R. Höglund, “Secure Software Updates for IoT based on Industry Requirements”, in Proceedings of the 9th International Conference on Information Systems Security and Privacy (ICISSP 2023), pp 1-8, Lisbon (Portugal), 2023 (To appear)

  • G. Carignani, F. Righetti, C. Vallati, M. Tiloca and G. Anastasi, “Evaluation of Feasibility and Impact of Attacks Against the 6top Protocol in 6TiSCH Networks”, in Proceedings of the 21st IEEE International Symposium on a World of Wireless, Mobile and Multimedia Networks (WoWMoM 2020), pp 68-77, Cork (Ireland), 2020

  • N. Paladi, M. Tiloca, P. N. Bideh and M. Hell, “Flowrider - Fast On-Demand Key Provisioning for Cloud Networks”, in Proceedings of the 17th EAI International Conference on Security and Privacy in Communication Networks (EAI SecureComm 2021), pp 207-228, Canterbury (UK), 2021

  • D. Shin, Z. A. Khan, D. Bianculli, and L. Briand, “A theoretical framework for understanding the relationship between log parsing and anomaly detection,” in Proceedings of the 21st International Conference on Runtime Verification (RV 2021), pp. 277-287. Springer, Cham, 2021

  • Z. A. Khan, D. Shin, D. Bianculli, and L. Briand, “Guidelines for Assessing the Accuracy of Log Message Template Identification Techniques,” in Proceedings of the 44th International Conference on Software Engineering (ICSE 2022), pp. 1-12, 2022 (To appear)


Demo Papers

  • N. Paladi, M. Tiloca, P. N. Bideh and M. Hell, “On-demand Key Distribution for Cloud Networks”, in 24th Conference on Innovation in Clouds, Internet and Networks (ICIN 2021), Demonstration track, pp 80-82, Paris (France), 2021

Invited Talks

  • M. Tiloca, “IETF OSCORE and Group OSCORE - Secure end-to-end (group) communication for CoAP”, at the Thread Group Virtual Members Meeting, 3rd of November, 2020.

Press Releases


IETF Standardization meetings

Regular participation and presentations at the IETF meetings:

  • IETF 104 (Prague, March 2019)
  • IETF 105 (Montreal, July 2019)
  • IETF 106 (Singapore, November 2019)
  • IETF 107 (Vancouver, March 2020) — Cancelled and reverted to online interim meetings
  • IETF 108 (Online, July 2020)
  • IETF 109 (Online, November 2020)
  • IETF 110 (Online, March 2021)
  • IETF 111 (Online, July 2021)
  • IETF 112 (Online, November 2021)
  • IETF 113 (Vienna, March 2022)

IETF Standardization Activities

The following list includes the IETF documents where RISE has been involved. For each of them, a brief description is provided.

Published as Proposed Standard

  1. Proof-of-Possession Key Semantics for CBOR Web Tokens (CWTs)
    • With reference to authentication, authorization and access control, this document provides a description of how to declare in a CBOR Web Token (CWT) (which is defined by RFC 8392) that the presenter of the CWT possesses a particular proof-of-possession key.
    • https://datatracker.ietf.org/doc/html/rfc8747
  2. Authentication and Authorization for Constrained Environments Using the OAuth 2.0 Framework (ACE-OAuth)
  3. Additional OAuth Parameters for Authentication and Authorization for Constrained Environments (ACE)
  4. Datagram Transport Layer Security (DTLS) Profile for Authentication and Authorization for Constrained Environments (ACE)
    • A profile for the Authentication and Authorization for Constrained Environments (ACE) framework, which utilizes Datagram Transport Layer Security (DTLS) in order to achieve communication security, server authentication, and proof-of-possession.
    • https://datatracker.ietf.org/doc/html/rfc9202
  5. The Object Security for Constrained RESTful Environments (OSCORE) Profile of the Authentication and Authorization for Constrained Environments (ACE) Framework
    • A profile for the Authentication and Authorization for Constrained Environments (ACE) framework, which utilizes Object Security for Constrained RESTful Environments (OSCORE) in order to achieve communication security, server authentication, and proof-of-possession.
    • https://datatracker.ietf.org/doc/html/rfc9203

Adopted as Working Group documents

  1. Group Communication for the Constrained Application Protocol (CoAP)
  2. Group OSCORE - Secure Group Communication for CoAP
  3. Observe Notifications as CoAP Multicast Responses
  4. Combining EDHOC and OSCORE
    • A method to efficiently combine the execution of the authenticated key establishment protocol Ephemeral Diffie-Hellman over COSE (EDHOC) with a following message exchange protected with Object Security for Constrained RESTful Environments (OSCORE).
    • https://datatracker.ietf.org/doc/draft-ietf-core-oscore-edhoc/
  5. Key Provisioning for Group Communication using ACE
  6. Key Update for OSCORE (KUDOS)
  7. Key Management for OSCORE Groups in ACE
    • A method to request and provision keying material in group communication scenarios where the group communication is based on CoAP and secured with Group Object Security for Constrained RESTful Environments (Group OSCORE), building on the ACE framework for Authentication and Authorization.
    • https://datatracker.ietf.org/doc/draft-ietf-ace-key-groupcomm-oscore/
  8. Admin Interface for the OSCORE Group Manager
    • A RESTful admin interface at the Group Manager that allows an Administrator entity to create and delete OSCORE groups, as well as to retrieve and update their configuration. The ACE framework for Authentication and Authorization is used to enforce authentication and authorization of the Administrator at the Group Manager.
    • https://datatracker.ietf.org/doc/draft-ietf-ace-oscore-gm-admin/
  9. Notification of Revoked Access Tokens in the Authentication and Authorization for Constrained Environments (ACE) Framework

Individual submissions

  1. Discovery of OSCORE Groups with the CoRE Resource Directory
  2. Proxy Operations for CoAP Group Communication
  3. Cacheable OSCORE
  4. OSCORE-capable Proxies
    • A method for protecting CoAP messages with OSCORE also between an origin application endpoint and an intermediary, or between two intermediaries. This includes the possible double-protection of a message through “OSCORE-in-OSCORE”, i.e., both end-to-end between origin application endpoints, as well as between an application endpoint and an intermediary.
    • https://datatracker.ietf.org/doc/html/draft-tiloca-core-oscore-capable-proxies
  5. Group OSCORE Profile of the Authentication and Authorization for Constrained Environments Framework
    • A profile for the Authentication and Authorization for Constrained Environments (ACE) framework, which utilizes Object Security for Constrained RESTful Environments (OSCORE) and/or Group OSCORE to provide communication security between a Client and (a group of) Resource Server(s), as well as OSCORE in order to achieve communication security, server authentication, and proof-of-possession.
    • https://datatracker.ietf.org/doc/draft-tiloca-ace-group-oscore-profile/

Further Engagements and Contributions

  1. Object Security for Constrained RESTful Environments (OSCORE)
  2. Ephemeral Diffie-Hellman Over COSE (EDHOC)
    • A very compact and lightweight authenticated Diffie-Hellman key exchange with ephemeral keys, providing mutual authentication, perfect forward secrecy and identity protection. EDHOC is intended for constrained scenarios and a main use case is to establish an OSCORE security context.
    • https://datatracker.ietf.org/doc/draft-ietf-lake-edhoc/