Cybersecurity and Privacy Platform

illustration_describing_Cybersecurity

Coordinators: Elena Ferrari and Geo Magri

This scientific platform aims to conduct research and facilitate technology transfer on innovative topics relating to security and privacy protection in both traditional and emerging scenarios.

The expertise of the proposers, from the Department of Theoretical and Applied Sciences, the Department of Science and High Technology, and the Department of Law, Economics and Culture, covers the main levels of information systems (data and application security, network security, and hardware security) through a multidisciplinary approach that combines technological and legal aspects, and is open to collaboration with other research groups and national and international institutions.

The scientific platform also has a strong focus on collaboration with local, national and international companies, to which it can provide support for securing their systems.

Some of the proponents of this platform already form the local node of the CINI Cybersecurity Laboratory, which coordinates a network of 59 interconnected nodes, located in the country’s leading universities, research institutes and military academies, collaborating towards the full realisation of Italy’s national cybersecurity ecosystem. Furthermore, there is already an institutionalised collaboration with the National Cybersecurity Agency (ACN).

A distinctive feature of the platform is also the provision of training on cybersecurity and privacy issues, with the aim of bridging the gap in high-level professionals in this sector, which significantly affects both the Italian and European labour markets and the country’s security in a challenging scenario such as the current one.

In this regard, the proposers have been organising CyberChallenge.IT at Insubria for the past three years, a national cybersecurity training programme for university and secondary school students sponsored by the CINI Cybersecurity National Lab, whose aim is to identify, attract, recruit and train the next generation of cyber defenders.

The platform’s activities will be carried out in full compliance with the current regulatory framework on personal data protection, in particular Regulation (EU) 2016/679 (GDPR) and the Italian Privacy Code, through the adoption of appropriate technical and organisational measures, data protection impact assessments (DPIAs) and security and privacy management policies. The platform is also committed to ensuring that research activities adhere to fundamental ethical principles, including through the involvement of ethics committees to assess projects dealing with sensitive data or potentially intrusive technologies.

Faculty members involved:

Department of Theoretical and Applied Sciences: Barbara Carminati, Alberto Coen-Porisini, Elena Ferrari, Sabrina Sicari, Pietro Colombo, Alessandra Rizzardi, Alberto Trombetta, Simone Bottoni

Department of Science and High Technology: Giuliano Benenti, Massimo Caccia, Alessia Allevi, Romualdo Santoro, Marco Lamperti

Department of Law, Economics and Culture: Geo Magri, Giulia Tiberi, Luigi Testa, Valentina Albanese, Gilda Ripamonti, Stefano Marcolini

The themes and working groups that make up the platform

Specific objectives
The aim of this research area is to develop innovative mechanisms designed to protect: traditional and NoSQL data management systems, big data, social networks, the Internet of Things (IoT) and Industrial IoT (IIoT), MQTT, mobile and wearable devices, edge, fog and cloud computing, and autonomous systems (drones, cars, etc.). We will also study cryptography-based access control mechanisms and verifiable computing techniques.

Lecturers
Barbara Carminati, Alberto Coen-Porisini, Elena Ferrari, Sabrina Sicari, Pietro Colombo, Alessandra Rizzardi, Alberto Trombetta, Simone Bottoni (Department of Theoretical and Applied Sciences)

Specific objectives
The aim of this thematic area is to define secure middleware architectures for the IoT, microservices architectures, security and privacy policies for distributed systems and related protocols, policy enforcement, security and privacy in the IoT and IIoT, intrusion detection systems, and risk assessment.

Lecturers
Alberto Coen-Porisini, Sabrina Sicari, Alessandra Rizzardi (Department of Theoretical and Applied Sciences)

Lecturers
Barbara Carminati, Alberto Coen-Porisini, Elena Ferrari, Sabrina Sicari, Alessandra Rizzardi (Department of Theoretical and Applied Sciences)

Specific objectives
The aim of this research area is twofold: on the one hand, to utilise Artificial Intelligence tools to support the protection of data and infrastructure; on the other, to define techniques aimed at protecting Artificial Intelligence systems from new forms of attack. In particular, the research will focus on AI-based systems for protection against malware, tools for protection against AI-generated attacks, protection of edge-AI applications, and AI-based intrusion detection.

Lecturers
Barbara Carminati, Elena Ferrari (Department of Theoretical and Applied Sciences)

Specific objectives: The aim of this research topic is to define mechanisms for managing privacy for various types of sensitive data (such as medical data and data represented by knowledge graphs) through anonymisation techniques. Mechanisms will also be studied to support the specifications of user privacy preferences in complex scenarios, privacy compliance at the organisational level, and usable privacy.

Lecturers
Barbara Carminati, Alberto Coen-Porisini, Elena Ferrari, Sabrina Sicari, Alessandra Rizzardi, Alberto Trombetta, Simone Bottoni

Specific objectives
The aim of this thematic area is to develop security services and decentralised trust systems to support blockchain-based B2B and B2C services.

Lecturers
Giuliano Benenti (Department of Science and Advanced Technology)

Specific objectives
To generate pseudorandom sequences in quantum walks (the quantum counterpart of classical random walks, but with deterministic evolution), measured at discrete time points. To increase the randomness of the generated sequences through suitably designed aperiodic evolutions.

Lecturers
Alessia Allevi (Department of Science and Advanced Technology)

Specific objectives
Development of new optical communication protocols based on quantum states of light in the mesoscopic regime and hybrid detection systems incorporating photon-counting detectors, such as silicon photomultipliers.

Lecturers
Massimo Caccia, Romualdo Santoro (Department of Science and Advanced Technology)

Specific objectives
Development of a platform for generating random state bits, comprising an electronic board with an on-board processor and a microchip.

Lecturers
Geo Magri, Giulia Tiberi, Luigi Testa, Valentina Erminia Albanese, Gilda Ripamonti, Stefano Marcolini (Department of Law, Economics and Culture)

Specific objectives
To examine the legal challenges posed by the use of AI in the management and protection of personal data, with particular attention to surveillance, profiling and automated decision-making systems, and to assess the compatibility between the GDPR and emerging technologies, such as edge computing, blockchain and generative AI systems.

Lecturers
Geo Magri, Giulia Tiberi, Luigi Testa, Valentina Erminia Albanese, Gilda Ripamonti, Stefano Marcolini (Department of Law, Economics and Culture)

Specific objectives
To analyse the legal liability profiles in the event of data breaches or cyber-attacks, with a focus on public bodies, universities and digital service providers. To explore cybersecurity governance models and the accountability of senior management, as required by the NIS2 regulation

Lecturers
Geo Magri, Giulia Tiberi, Luigi Testa, Valentina Erminia Albanese, Gilda Ripamonti, Stefano Marcolini (Department of Law, Economics and Culture)

Specific objectives
To examine the role of universities in training legal experts in cybersecurity and privacy, and the regulatory implications for the management of student data and learning platforms.

Key collaborations on the platform’s topics
National Cybersecurity Agency (ACN), KTH, Sweden, University of Cyprus, Airbus, University of Texas at Dallas, FORTH Greece, University of Pisa, U-Hopper, Trento, University of Warsaw, University of Naples ‘Federico II’, Polytechnic University of Bari, Polytechnic University of Milan, LAAS_CNRS Centre, Toulouse, Sorbonne Paris Nord University, Paris, Autonomous University of San Luis Potosí, Mexico, CREATE-NET Research Centre, Trento, Cisco Research US, University of Lyon.

Keywords
Security, Privacy, AI and cybersecurity, Blockchain, Governance and legal aspects of cybersecurity, Risk analysis, Training

Main competitive funding (from 2022)

  • SMIMI (Security in Modern Information Management Infrastructures), PNRR NextGenEU, spoke 10, local unit grant, €804,000, PI: E. Ferrari.
  • CONCORDIA (Cybersecurity Competence for Research and Innovation), EU H2020 local unit grant: €480,000, PI: B. Carminati.
  • SERENA-IIoT, funded by the MUR (Ministry of University and Research), PRIN 2022 programme, project code 2022CN4EBH, €240,000, PI: A. Rizzardi.
  • Malware Detection for Edge-based Computing, CISCO US research grant, €50,000, PI: E. Ferrari.
  • RAIS (Real-time analytics for the Internet of Sports) EU Marie-Curie ITN, PI: E. Ferrari, local unit grant: €523,000.
  • AQusDIT (Advanced and Quantum-safe Solutions for Digital Identity and digital tracing), PNRR NextGenEU, local unit grant €233,100, PI: B. Carminati.
  • Secure and Privacy-preserving Sharing of Knowledge Graphs, PhD grant, National Cybersecurity Agency (ACN), amount €91,000, PI: E. Ferrari.
  • In-silico quantum generation of random bit streams, HOR2020, May 2022–July 2025, Project coordinator: Massimo Caccia, total budget: €2 million, Insubria unit budget: €190,000.