Giovanni Camurati


Last Name

Camurati

First Name

Giovanni

ORCID

0000-0003-3510-6895

Organisational unit

03755 - Capkun, Srdan / Capkun, Srdan

Filters

2022 - 202611
Reset filters

Search Results

Publications1 - 10 of 11
  • Screaming Channels
    Item type: Encyclopedia Entry
    Camurati, Giovanni; Francillon, Aurélien (2025)
    Encyclopedia of Cryptography, Security and Privacy
  • EdgeTDC: On the Security of Time Difference of Arrival Measurements in CAN Bus Systems
    Item type: Conference Paper
    Roeschlin, Marc; Camurati, Giovanni; Brunner, Pascal; et al. (2023)
    Proceedings 2023 Network and Distributed System Security Symposium
    A Controller Area Network (CAN bus) is a message-based protocol for intra-vehicle communication designed mainly with robustness and safety in mind. In real-world deployments, CAN bus does not offer common security features such as message authentication. Due to the fact that automotive suppliers need to guarantee interoperability, most manufacturers rely on a decade-old standard (ISO 11898) and changing the format by introducing MACs is impractical. Research has therefore suggested to address this lack of authentication with CAN bus Intrusion Detection Systems (IDSs) that augment the bus with separate modules. IDSs attribute messages to the respective sender by measuring physical-layer features of the transmitted frame. Those features are based on timings, voltage levels, transients—and, as of recently, Time Difference of Arrival (TDoA) measurements. In this work, we show that TDoA-based approaches presented in prior art are vulnerable to novel spoofing and poisoning attacks. We describe how those proposals can be fixed and present our own method called EdgeTDC. Unlike existing methods, EdgeTDC does not rely on Analog-to-digital converters (ADCs) with high sampling rate and high dynamic range to capture the signals at sample level granularity. Our method uses time-to-digital converters (TDCs) to detect the edges and measure their timings. Despite being inexpensive to implement, TDCs offer low latency, high location precision and the ability to measure every single edge (rising and falling) in a frame. Measuring each edge makes analog sampling redundant and allows the calculation of statistics that can even detect tampering with parts of a message. Through extensive experimentation, we show that EdgeTDC can successfully thwart masquerading attacks in the CAN system of modern vehicles.
  • LEO-Range: Physical Layer Design for Secure Ranging with Low Earth Orbiting Satellites
    Item type: Conference Paper
    Coppola, Daniele; Mumtaz, Arslan; Camurati, Giovanni; et al. (2025)
    Proceedings of the 34th USENIX Security Symposium
    We propose LEO-Range, a novel physical layer design for secure ranging between Low Earth Orbiting ( LEO) satellites and devices. LEO-Range 1) is compatible with Orthogonal Frequency Division Multiplexing (OFDM ) modulation scheme which is widely used by high-bandwidth satellite communications, 2) it provides accurate distance measurements (within the limits imposed by the available bandwidth) , and 3) it is provably secure and reliable across a range of common satellite channels. The design is based on a novel verification scheme in the frequency domain. We provide a security proof that bounds the probability of a distance-reduction attack for arbitrary physical layer attack strategies. We implement a prototype of LEO-Range and we test it with a hardware satellite channel emulator. In common line of sight 3GPP channels with SNRs between 8.8dB and 12dB (worst case scenario at low elevation) in a single ranging from a single satellite the adversary has a probability of less than 2−20 to successfully reduce the LEO-Range measured distance by more than 117 meters. These results already significantly limit spoofing, which typically can be done even across continents, and if distances are measured consecutively and from different satellites or ground stations, the overall distance and location spoofing will be even further limited, pointing to the practical viability of LEO-Range.
  • FAST: Fast and Accurate Security Testing of HRP UWB Chips
    Item type: Working Paper
    Aad, Graciana; Camurati, Giovanni; Dell’Amico, Matteo; et al. (2024)
    High-Rate Pulse (HRP) Ultra-Wide Band (UWB) technology is used for secure distance measurement and was standardized by IEEE 802.15.4z in 2020. This standard is currently implemented in chips deployed in consumer devices such as Apple iPhones and Samsung smartphones. However, due to the use of proprietary algorithms and closed implementation, evaluating the security of such chips analytically is challenging. In this work, we therefore investigate how to evaluate the security of HRP UWB chips empirically. We propose FAST, a generic and efficient testing methodology that we use to accurately characterize the security of HRP UWB chips against distance reduction attacks. FAST relies on importance sampling and can accurately estimate very low success rates, for example, much smaller than 2^-10, using a small and practical number of tests. Using FAST, we characterize the security of a Qorvo DWM3000EVB chip across different settings and attack conditions. FAST revealed that different chip configurations affect the success rates (2^-10 to 2^-128) and that a well-designed attack signal can bypass the additional consistency checks offered by the chip.
  • MCRank: Monte Carlo Key Rank Estimation for Side-Channel Security Evaluations
    Item type: Journal Article
    Camurati, Giovanni; Dell’Amico, Matteo; Standaert, François-Xavier (2023)
    IACR Transactions on Cryptographic Hardware and Embedded Systems
    Key rank estimation provides a measure of the effort that the attacker has to spend bruteforcing the key of a cryptographic algorithm, after having gained some information from a side channel attack. We present MCRank, a novel method for key rank estimation based on Monte Carlo sampling. MCRank provides an unbiased estimate of the rank and a confidence interval. Its bounds rapidly become tight for increasing sample size, with a corresponding linear increase of the execution time. When applied to evaluate an AES-128 implementation, MCRank can be orders of magnitude faster than the state-of-the-art histogram-based enumeration method for comparable bound tightness. It also scales better than previous work for large keys, up to 2048 bytes. Besides its conceptual simplicity and efficiency, MCRank can assess for the first time the security of large keys even if the probability distributions given the side channel leakage are not independent between subkeys, which occurs, for example, when evaluating the leakage security of an AES-256 implementation.
  • Time for Change: How Clocks Break UWB Secure Ranging
    Item type: Conference Paper
    Anliker, Claudio; Camurati, Giovanni; Capkun, Srdjan (2023)
    Proceedings of the 32nd USENIX Security Symposium
    Due to its suitability for wireless ranging, Ultra-Wide Band (UWB) has gained traction over the past years. UWB chips have been integrated into consumer electronics and considered for security-relevant use cases, such as access control or contactless payments. However, several publications in the recent past have shown that it is difficult to protect the integrity of distance measurements on the physical layer. In this paper, we identify transceiver clock imperfections as a new, important parameter that has been widely ignored so far. We present Mix-Down and Stretch-and-Advance, two novel attacks against the current (IEEE 802.15.4z) and the upcoming (IEEE 802.15.4ab) UWB standard, respectively. We demonstrate Mix-Down on commercial chips and achieve distance reductions from 10 m to 0 m. For the Stretch-and-Advance attack, we show analytically that the current proposal of IEEE 802.15.4ab allows reductions of over 90 m. To prevent the attack, we propose and analyze an effective countermeasure.
  • GNSS-WASP: GNSS Wide Area SPoofing
    Item type: Conference Paper
    Tibaldo, Christopher; Sathaye, Harshad; Camurati, Giovanni; et al. (2025)
    Proceedings of the 34th USENIX Conference on Security Symposium
    In this paper, we propose GNSS-WASP, a novel wide-area spoofing attack carried by a constellation of strategicallylocated synchronized transmitters. Unlike known attacks, which are constrained by the attacker’s ability to track victim receivers, GNSS-WASP manipulates the positions measured by all the receivers in a target area without knowing the victim’s positions. This allows GNSS-WASP to spoof a swarm of victims to another location while preserving their true formation (i.e., their relative distances). This opens the possibility of advanced attacks that divert entire fleets of vehicles and drones in a large area without the need to track specific victims. As such, GNSS-WASP bypasses state-of-the-art spoofing countermeasures that rely on constellations of receivers with known distances and those that rely on sudden, unpredictable movements for spoofing detection. While previous works discuss the stringent requirements for perfect spoofing of multiple receivers at known fixed locations, GNSS-WASP demonstrates how to spoof any number of moving receivers at unknown positions in a large area with an error that can remain hidden behind the legitimate noise. In addition to extensive simulations, we implement a prototype of GNSS-WASP with off-the shelf software-defined radios and evaluate it on real GNSS receivers. Despite the error introduced by the proposed attack, GNSS-WASP can successfully spoof two receivers while maintaining their relative distance with an average error of 0.97 m for locations 1000 m away from the reference position. Finally, we also highlight possible countermeasures.
  • On the Privacy of LEO Two-Way-Ranging
    Item type: Conference Paper
    Coppola , Daniele; Sathaye , Harshad; Camurati, Giovanni; et al. (2025)
    Low Earth Orbit (LEO) satellite-based positioning, navigation, and timing (LEO-PNT) is being investigated as an alternative to traditional broadcast-based satellite naviga tion systems. LEO satellites make bidirectional communication possible, and organizations like ESA, GMV, and Thales have considered Two Way Ranging (TWR) as an alternative to classical broadcast PNT systems. Previous work has shown that TWR poses a threat to the location privacy of its users and proposes countermeasures. In this work, we analyze this problem in the context of LEO-PNT. First, we quantify the location leakage in LEO-PNT. Second, we identify that due to the relative motion between high-speed satellites and users, mitigations proposed in the context of distance bounding cannot be directly used - they introduce inaccuracies with an average of 36.7 m in the computed position. Third, we propose a new TWR system which combines previously proposed countermeasures with Intertial Measurement Unit (IMU) sensing such that it provides privacy protection and eliminates ranging inaccuracies. We study the performance of our system in simulation and show that short term error introduced by privacy-protection measures can be very well mitigated with the short-term stability of IMU output.
  • PURE: Payments with UWB RElay-protection
    Item type: Conference Paper
    Coppola, Daniele; Camurati, Giovanni; Anliker, Claudio; et al. (2024)
    Proceedings of the 33rd USENIX Security Symposium
    Contactless payments are now widely used and are expected to reach $10 trillion worth of transactions by 2027. Although convenient, contactless payments are vulnerable to relay attacks that enable attackers to execute fraudulent payments. A number of countermeasures have been proposed to address this issue, including Mastercard’s relay protection mechanism. These countermeasures, although effective against some Commercial off-the-shelf (COTS) relays, fail to prevent physicallayer relay attacks. In this work, we leverage the Ultra-Wide Band (UWB) radios incorporated in major smartphones, smartwatches, tags and accessories, and introduce PURE, the first UWB-based relay protection that integrates smoothly into existing contactless payment standards, and prevents even the most sophisticated physical layer attacks. PURE extends EMV payment protocols that are executed between cards and terminals, and does not require any modification to the backend of the issuer, acquirer, or payment network. PURE further tailors UWB ranging to the payment environment (i.e., wireless channels) to achieve both reliability and resistance to all known physicallayer distance reduction attacks against UWB 802.15.4z. We implement PURE within the EMV standard on modern smartphones, and evaluate its performance in a realistic deployment. Our experiments show that PURE provides a sub-meter relay protection with minimal execution overhead (41 ms). We formally verify the security of PURE’s integration within Mastercard’s EMV protocol using the Tamarin prover.
  • Ghost Peak: Practical Distance Reduction Attacks Against HRP UWB Ranging
    Item type: Conference Paper
    Leu, Patrick; Camurati, Giovanni; Heinrich, Alexander; et al. (2022)
    Proceedings of the 31st Usenix Security Symposium
    We present the first over-the-air attack on IEEE 802.15.4z High-Rate Pulse Repetition Frequency (HRP) Ultra-Wide Band (UWB) distance measurement systems. Specifically, we demonstrate a practical distance reduction attack against pairs of Apple Ul chips (embedded in iPhones and AirTags), as well as against U1 chips inter-operating with NXP and Qorvo UWB chips. These chips have been deployed in a wide range of phones and cars to secure car entry and start and are projected for secure contactless payments, home locks, and contact tracing systems. Our attack operates without any knowledge of cryptographic material, results in distance reductions from 12 m (actual distance) to 0 m (spoofed distance) with attack success probabilities of up to 4 %, and requires only an inexpensive (USD 65) off-the-shelf device. Access control can only tolerate sub-second latencies to not inconvenience the user, leaving little margin to perform time-consuming verifications. These distance reductions bring into question the use of UWB HRP in security-critical applications.
Publications1 - 10 of 11