Imperial College London

Dr Anna Maria Mandalari

Faculty of EngineeringInstitute for Security Science & Technology

Honorary Research Fellow
 
 
 
//

Contact

 

anna-maria.mandalari Website

 
 
//

Location

 

ObservatorySouth Kensington Campus

//

Summary

 

Publications

Publication Type
Year
to

20 results found

Anselmi G, Mandalari AM, Lazzaro S, De Angelis Vet al., 2023, Poster: COPSEC: Compliance-Oriented IoT Security and Privacy Evaluation Framework, Pages: 6-7

Conference paper

Bagnulo M, García-Martínez A, Mandalari AM, Balasubramanian P, Havey D, Montenegro Get al., 2023, Design, implementation and validation of a receiver-driven less-than-best-effort transport, Computer Networks, Vol: 233, ISSN: 1389-1286

LEDBAT++ is a congestion-control algorithm that implements a less-than-best-effort transport service. In this paper we present rLEDBAT, a purely receiver-based mechanism to implement LEDBAT++ for TCP. rLEDBAT enables a receiver to select some incoming traffic as less-than-best-effort, managing the capacity of the downlink. We describe the different mechanisms composing rLEDBAT that enable the execution of the LEDBAT++ congestion control algorithm at the receiver. We have implemented and experimentally tested rLEDBAT. We validate that the mechanisms incorporated by rLEDBAT at the receiver are indeed effective to implement a less-than-best-effort transport service at the receiver, as it performs similarly to the original sender-based LEDBAT++.

Journal article

Mandalari AM, Haddadi H, Dubois DJ, Choffnes Det al., 2023, Protected or porous: a comparative analysis of threat detection capability of IoT safeguards, 44th IEEE Symposium on Security and Privacy (SP), Publisher: IEEE Computer Society, Pages: 3061-3078, ISSN: 1081-6011

Consumer Internet of Things (IoT) devices are increasingly common, from smart speakers to security cameras, in homes. Along with their benefits come potential privacy and security threats. To limit these threats a number of commercial services have become available (IoT safeguards). The safeguards claim to provide protection against IoT privacy risks and security threats. However, the effectiveness and the associated privacy risks of these safeguards remains a key open question. In this paper, we investigate the threat detection capabilities of IoT safeguards for the first time. We develop and release an approach for automated safeguards experimentation to reveal their response to common security threats and privacy risks. We perform thousands of automated experiments using popular commercial IoT safeguards when deployed in a large IoT testbed. Our results indicate not only that these devices may be ineffective in preventing risks, but also their cloud interactions and data collection operations may introduce privacy risks for the households that adopt them.

Conference paper

Hadjixenophontos S, Mandalari AM, Zhao Y, Haddadi Het al., 2023, PRISM: Privacy Preserving Healthcare Internet of Things Security Management, ISSN: 1530-1346

Consumer healthcare Internet of Things (IoT) devices are gaining popularity in our homes and hospitals. These devices provide continuous monitoring at a low cost and can be used to augment high-precision medical equipment. However, major challenges remain in applying pre-Trained global models for anomaly detection on smart health monitoring, for a diverse set of individuals that they provide care for. In this paper, we propose PRISM, an edge-based system for experimenting with in-home smart healthcare devices. We develop a rigorous methodology that relies on automated IoT experimentation. We use a rich real-world dataset from in-home patient monitoring from 44 households of People Living With Dementia (PLWD) over two years. Our results indicate that anomalies can be identified with accuracy up to 99% and mean training times as low as 0.88 seconds. While all models achieve high accuracy when trained on the same patient, their accuracy degrades when evaluated on different patients.

Conference paper

Mandalari AM, Lutu A, Custura A, Khatouni AS, Alay Ö, Bagnulo M, Bajpai V, Brunstrom A, Ott J, Trevisan M, Mellia M, Fairhurst Get al., 2022, Measuring Roaming in Europe: Infrastructure and Implications on Users' QoE, IEEE Transactions on Mobile Computing, Vol: 21, Pages: 3687-3699, ISSN: 1536-1233

'Roam like Home' is the initiative of the European Commission (EC) to end the levy of extra charges when roaming within the European region. As a result, people can use data services more freely across Europe. However, the implications of roaming solutions on network performance have not been carefully examined yet. This paper provides an in-depth characterization of the implications of international data roaming within Europe. We build a unique roaming measurement platform using 16 different mobile networks deployed in six countries across Europe. Using this platform, we measure different aspects of international roaming in 4G networks in Europe, including mobile network configuration, performance characteristics, and quality of experience. We find that operators adopt a common approach to implement roaming called Home-routed roaming (HR). This results in additional latency penalties of 60 ms or more, depending on geographical distance. This leads to worse browsing performance, with an increase in the metrics related to Quality of Experience (QoE) of users (Page Load time and Speed Index) in the order of 15-20 percent. We further analyze in isolation the impact of latency on QoE metrics and find that the penalty imposed by HR leads to a degradation on QoE metrics up to 150 percent in case of intercontinental roaming.

Journal article

Thompson O, Mandalari AM, Haddadi H, 2021, Rapid IoT device identification at the edge, CoNEXT '21: The 17th International Conference on emerging Networking EXperiments and Technologies, Publisher: ACM, Pages: 22-28

Consumer Internet of Things (IoT) devices are increasingly common in everyday homes, from smart speakers to security cameras. Along with their benefits come potential privacy and security threats. To limit these threats we must implement solutions to filter IoT traffic at the edge. To this end the identification of the IoT device is the first natural step.In this paper we demonstrate a novel method of rapid IoT device identification that uses neural networks trained on device DNS traffic that can be captured from a DNS server on the local network. The method identifies devices by fitting a model to the first seconds of DNS second-level-domain traffic following their first connection. Since security and privacy threat detection often operate at a device specific level, rapid identification allows these strategies to be implemented immediately. Through a total of 51,000 rigorous automated experiments, we classify 30 consumer IoT devices from 27 different manufacturers with 82% and 93% accuracy for product type and device manufacturers respectively.

Conference paper

Kolcun R, Popescu DA, Safronov V, Yadav P, Mandalari AM, Mortier R, Haddadi Het al., 2021, Revisiting IoT device identification, Network Traffic Measurement and Analysis Conference 2021, Publisher: IFIP, Pages: 1-9

Internet-of-Things (IoT) devices are known to be the source of many securityproblems, and as such, they would greatly benefit from automated management.This requires robustly identifying devices so that appropriate network securitypolicies can be applied. We address this challenge by exploring how toaccurately identify IoT devices based on their network behavior, whileleveraging approaches previously proposed by other researchers. We compare the accuracy of four different previously proposed machinelearning models (tree-based and neural network-based) for identifying IoTdevices. We use packet trace data collected over a period of six months from alarge IoT test-bed. We show that, while all models achieve high accuracy whenevaluated on the same dataset as they were trained on, their accuracy degradesover time, when evaluated on data collected outside the training set. We showthat on average the models' accuracy degrades after a couple of weeks by up to40 percentage points (on average between 12 and 21 percentage points). We arguethat, in order to keep the models' accuracy at a high level, these need to becontinuously updated.

Conference paper

Saidi SJ, Mandalari AM, Haddadi H, Dubois DJ, Choffnes D, Smaragdakis G, Feldmann Aet al., 2021, Detecting consumer IoT devices through the lens of an ISP, Pages: 36-38

Internet of Things (IoT) devices are becoming increasingly popular and offer a wide range of services and functionality to their users. However, there are significant privacy and security risks associated with these devices. IoT devices can infringe users' privacy by ex-filtrating their private information to third parties, often without their knowledge. In this work we investigate the possibility to identify IoT devices and their location in an Internet Service Provider's network. By analyzing data from a large Internet Service Provider (ISP), we show that it is possible to recognize specific IoT devices, their vendors, and sometimes even their specific model, and to infer their location in the network. This is possible even with sparsely sampled flow data that are often the only datasets readily available at an ISP. We evaluate our proposed methodology [1] to infer IoT devices at subscriber lines of a large ISP. Given ground truth information on IoT devices location and models, we were able to detect more than 77% of the studied IoT devices from sampled flow data in the wild.

Conference paper

Mandalari AM, Dubois DJ, Kolcun R, Paracha MT, Haddadi H, Choffnes Det al., 2021, Blocking without breaking: identification and mitigation ofnon-essential IoT traffic, Publisher: arXiv

Despite the prevalence of Internet of Things (IoT) devices, there is littleinformation about the purpose and risks of the Internet traffic these devicesgenerate, and consumers have limited options for controlling those risks. A keyopen question is whether one can mitigate these risks by automatically blockingsome of the Internet connections from IoT devices, without rendering thedevices inoperable. In this paper, we address this question by developing arigorous methodology that relies on automated IoT-device experimentation toreveal which network connections (and the information they expose) areessential, and which are not. We further develop strategies to automaticallyclassify network traffic destinations as either required (i.e., their trafficis essential for devices to work properly) or not, hence allowing firewallrules to block traffic sent to non-required destinations without breaking thefunctionality of the device. We find that indeed 16 among the 31 devices wetested have at least one blockable non-required destination, with the maximumnumber of blockable destinations for a device being 11. We further analyze thedestination of network traffic and find that all third parties observed in ourexperiments are blockable, while first and support parties are neitheruniformly required or non-required. Finally, we demonstrate the limitations ofexisting blocklists on IoT traffic, propose a set of guidelines forautomatically limiting non-essential IoT traffic, and we develop a prototypesystem that implements these guidelines.

Working paper

Kolcun R, Popescu DA, Safronov V, Yadav P, Mandalari AM, Xie Y, Mortier R, Haddadi Het al., 2020, The case for retraining of ML models for IoT device identification at the edge, Publisher: arXiv

Internet-of-Things (IoT) devices are known to be the source of many securityproblems, and as such they would greatly benefit from automated management.This requires robustly identifying devices so that appropriate network securitypolicies can be applied. We address this challenge by exploring how toaccurately identify IoT devices based on their network behavior, usingresources available at the edge of the network. In this paper, we compare the accuracy of five different machine learningmodels (tree-based and neural network-based) for identifying IoT devices byusing packet trace data from a large IoT test-bed, showing that all models needto be updated over time to avoid significant degradation in accuracy. In orderto effectively update the models, we find that it is necessary to use datagathered from the deployment environment, e.g., the household. We thereforeevaluate our approach using hardware resources and data sources representativeof those that would be available at the edge of the network, such as in an IoTdeployment. We show that updating neural network-based models at the edge isfeasible, as they require low computational and memory resources and theirstructure is amenable to being updated. Our results show that it is possible toachieve device identification and categorization with over 80% and 90% accuracyrespectively at the edge.

Working paper

Saidi SJ, Mandalari AM, Kolcun R, Haddadi H, Dubois DJ, Choffnes D, Smaragdakis G, Feldmann Aet al., 2020, A Haystack Full of Needles: Scalable Detection of IoT Devices in the Wild, Pages: 87-100

Consumer Internet of Things (IoT) devices are extremely popular, providing users with rich and diverse functionalities, from voice assistants to home appliances. These functionalities often come with significant privacy and security risks, with notable recent large-scale coordinated global attacks disrupting large service providers. Thus, an important first step to address these risks is to know what IoT devices are where in a network. While some limited solutions exist, a key question is whether device discovery can be done by Internet service providers that only see sampled flow statistics. In particular, it is challenging for an ISP to efficiently and effectively track and trace activity from IoT devices deployed by its millions of subscribers - -all with sampled network data. In this paper, we develop and evaluate a scalable methodology to accurately detect and monitor IoT devices at subscriber lines with limited, highly sampled data in-the-wild. Our findings indicate that millions of IoT devices are detectable and identifiable within hours, both at a major ISP as well as an IXP, using passive, sparsely sampled network flow headers. Our methodology is able to detect devices from more than 77% of the studied IoT manufacturers, including popular devices such as smart speakers. While our methodology is effective for providing network analytics, it also highlights significant privacy consequences.

Conference paper

Saidi SJ, Mandalari AM, Kolcun R, Haddadi H, Dubois DJ, Choffnes D, Smaragdakis G, Feldmann Aet al., 2020, A haystack full of needles: scalable detection of IoT devices in the wild, Publisher: arXiv

Consumer Internet of Things (IoT) devices are extremely popular, providingusers with rich and diverse functionalities, from voice assistants to homeappliances. These functionalities often come with significant privacy andsecurity risks, with notable recent large scale coordinated global attacksdisrupting large service providers. Thus, an important first step to addressthese risks is to know what IoT devices are where in a network. While somelimited solutions exist, a key question is whether device discovery can be doneby Internet service providers that only see sampled flow statistics. Inparticular, it is challenging for an ISP to efficiently and effectively trackand trace activity from IoT devices deployed by its millions of subscribers--all with sampled network data. In this paper, we develop and evaluate a scalable methodology to accuratelydetect and monitor IoT devices at subscriber lines with limited, highly sampleddata in-the-wild. Our findings indicate that millions of IoT devices aredetectable and identifiable within hours, both at a major ISP as well as anIXP, using passive, sparsely sampled network flow headers. Our methodology isable to detect devices from more than 77% of the studied IoT manufacturers,including popular devices such as smart speakers. While our methodology iseffective for providing network analytics, it also highlights significantprivacy consequences.

Working paper

Ren J, Dubois DJ, Choffnes D, Mandalari AM, Kolcun R, Haddadi Het al., 2019, Information exposure from consumer IoT devices: a multidimensional, network-informed measurement approach, ACM Internet Measurement Conference (IMC), Publisher: ASSOC COMPUTING MACHINERY, Pages: 267-279

Internet of Things (IoT) devices are increasingly found in everyday homes, providing useful functionality for devices such as TVs, smart speakers, and video doorbells. Along with their benefits come potential privacy risks, since these devices can communicate information about their users to other parties over the Internet. However, understanding these risks in depth and at scale is difficult due to heterogeneity in devices' user interfaces, protocols, and functionality.In this work, we conduct a multidimensional analysis of information exposure from 81 devices located in labs in the US and UK. Through a total of 34,586 rigorous automated and manual controlled experiments, we characterize information exposure in terms of destinations of Internet traffic, whether the contents of communication are protected by encryption, what are the IoT-device interactions that can be inferred from such content, and whether there are unexpected exposures of private and/or sensitive information (e.g., video surreptitiously transmitted by a recording device). We highlight regional differences between these results, potentially due to different privacy regulations in the US and UK. Last, we compare our controlled experiments with data gathered from an in situ user study comprising 36 participants.

Conference paper

Popescu DA, Safronov V, Yadav P, Kolcun R, Mandalari A-M, Haddadi H, McAuley D, Mortier Ret al., 2019, Poster Abstract: "Sensing" the IoT Network: Ethical Capture of Domestic IoT Network Traffic, 17th ACM Conference on Embedded Networked Sensor Systems (SenSys), Publisher: ASSOC COMPUTING MACHINERY, Pages: 406-407

Conference paper

Mandalari AM, Lutu A, Custura A, Khatouni AS, Alay Ö, Bagnulo M, Bajpai V, Brunstrom A, Ott J, Mellia M, Fairhurst Get al., 2018, Experience: Implications of roaming in Europe, Pages: 179-189

"Roam like Home" is the initiative of the European Commission (EC) to end the levy of extra charges when roaming within the European region. As a result, people are able to use data services more freely across Europe. However, the implications roaming solutions have on performance have not been carefully examined. This paper provides an in-depth characterization of the implications of international data roaming within Europe.We build a unique roaming measurement platform using 16 different mobile networks deployed in six countries across Europe. Using this platform, we measure different aspects of international roaming in 3G and 4G networks, including mobile network configuration, performance characteristics, and content discrimination. We find that operators adopt common approaches to implementing roaming, resulting in additional latency penalties of-60 ms or more, depending on geographical distance. Considering content accessibility, roaming poses additional constraints that leads to only minimal deviations when accessing content in the original country. However, geographical restrictions in the visited country make the picture more complicated and less intuitive.

Conference paper

Mandalari AM, Lutu A, Briscoe B, Bagnulo M, Alay Öet al., 2018, Measuring ECN++: Good News for ++, Bad News for ECN over Mobile, IEEE Communications Magazine, Vol: 56, Pages: 180-186, ISSN: 0163-6804

After ECN was first added to IP in 2001, it was hit by a succession of deployment problems. Studies in recent years have concluded that path traversal of ECN has become close to universal. In this article, we test whether the performance enhancement called ECN++ will face a similar deployment struggle as did base ECN. For this, we assess the feasibility of ECN++ deployment over mobile as well as fixed networks. In the process, we discover bad news for the base ECN protocol: contrary to accepted beliefs, more than half the mobile carriers we tested wipe the ECN field at the first upstream hop. All packets still get through, and congestion control still functions, just without the benefits of ECN. This throws into question whether previous studies used representative vantage points. This article also reports the good news that, wherever ECN gets through, we found no deployment problems for the "++" enhancement to ECN. The article includes the results of other in-depth tests that check whether servers that claim to support ECN actually respond correctly to explicit congestion feedback. Those interested can access the raw measurement data online.

Journal article

Mandalari AM, Bautista MAD, Valera F, Bagnulo Met al., 2017, NATwatcher: Profiling NATs in the Wild, IEEE Communications Magazine, Vol: 55, Pages: 178-185, ISSN: 0163-6804

NATs are commonplace in the Internet nowadays. It is fair to say that most residential and mobile users are connected to the Internet through one or more NATs. As with any other technology, NAT presents upsides and downsides. Probably the most acknowledged downside of the NAT technology is that it introduces additional difficulties for some applications such as peer-to-peer applications, gaming, and others to function properly. This is partially due to the nature of the NAT technology but also due to the diversity of behaviors of the different NAT implementations deployed in the Internet. Understanding the properties of the currently deployed NAT base provides useful input for application and protocol developers regarding what to expect when deploying new applications in the Internet. The goal of this article is to identify common NAT profiles in order to provide an overview of the current behavior of NATs. We develop NATwatcher, a tool to test NAT boxes using a crowdsourcing-based measurement methodology. We perform a large measurement campaign using NATwatcher recruiting over 700 users, from 65 different countries and 280 ISPs. We present the results after testing and profiling NAT products from over 120 vendors.

Journal article

Mandalari AM, Bagnulo M, Lutu A, 2015, Informing protocol design through crowdsourcing: The case of pervasive encryption, Pages: 3-8

Middleboxes, such as proxies, firewalls and NATs play an important role in the modern Internet ecosystem. On one hand, they perform advanced functions, e.g. traffic shaping, security or enhancing application performance. On the other hand, they turn the Internet into a hostile ecosystem for innovation, as they limit the deviation from deployed protocols. It is therefore essential, when designing a new protocol, to first understand its interaction with the elements of the path. The emerging area of crowdsourcing solutions can help to shed light on this issue. Such approach allows us to reach large and different sets of users and also different types of devices and networks to perform Internet measurements. In this paper, we show how to make informed protocol design choices by using a crowdsourcing platform. We consider a specific use case, namely the case of pervasive encryption in the modern Inter- net. Given the latest public disclosures of the NSA global surveillance operations, the issue of privacy in the Internet became of paramount importance. Internet community efforts are thus underway to increase the adoption of encryption. Using a crowdsourcing ap- proach, we perform large-scale TLS measurements to advance our understanding on whether wide adoption of encryption is possible in today's Internet.

Conference paper

Briante O, Mandalari AM, Molinaro A, Ruggeri G, Vázquez-Gallego F, Alonso-Zárate Jet al., 2014, Duty-cycle optimization for Machine-to-Machine area networks based on Frame Slotted-ALOHA with energy harvesting capabilities, Pages: 409-414

We propose in this paper a simple method to optimize the duty-cycle of a Machine-to-Machine (M2M) area network equipped with energy harvesters so that the Energy Neutral Operation (ENO) can be achieved and thus devices can operate autonomously forever, as far as the communication part is regarded. We use an exponentially weighted moving-average (EWMA) filter to predict the energy harvested in a complete duty-cycle, and adjust the duty-cycle according to the energy required during the active periods. As a case study, we consider the use of the Frame Slotted-ALOHA (FSA) Medium Access Control (MAC) protocol in a data collection application where a central coordinator interrogates a group of end-devices equipped with solar panels. We evaluate the performance of the proposed mechanism by means of computer-based simulations and show that an optimal configuration of the prediction filter can help to reach the ENO condition and ensure the unlimited lifetime of the network.1

Conference paper

Vázquez-Gallego F, Alonso-Zarate J, Mandalari AM, Briante O, Molinaro A, Ruggeri Get al., 2014, Performance evaluation of Reservation Frame slotted-aloha for data collection M2M networks, Pages: 633-638

In this paper, we consider a Machine-to-Machine (M2M) wireless network composed of a group of devices which duty cycle to save energy. These devices operate in low-power sleeping mode for most of the time and, periodically, they wake-up to listen to a poll packet transmitted by a data collector. Upon this broadcast poll, all devices try to get access to the uplink channel to transmit a burst of data packets. Therefore, the idle network is suddenly set into saturation conditions when all devices wake up and attempt to get access to the channel simultaneously. The Medium Access Control (MAC) protocol used to coordinate these transmissions has a strong influence on the energy efficiency of the network, and thus the lifetime of the devices. Frame Slotted ALOHA (FSA) has been identified in the literature as a simple yet efficient MAC protocol for such kind of communications. However, when the devices have to transmit more than one data packet per channel invocation, the Reservation Frame Slotted-ALOHA (RFSA) may be more efficient, since it guarantees the collision-free transmission of data for a device once it succeeds for the first time. Existing analyzes of both FSA and RFSA are valid for steady traffic conditions and not for abrupt idle-tosaturation traffic patterns. Motivated by this fact, in this paper we evaluate the energy efficiency of RFSA through computerbased simulations to show its better performance compared to FSA. Results show that RFSA can attain up to 48% energy gains compared to FSA, thus extending the lifetime of data-collection M2M networks.1

Conference paper

This data is extracted from the Web of Science and reproduced under a licence from Thomson Reuters. You may not copy or re-distribute this data in whole or in part without the written consent of the Science business of Thomson Reuters.

Request URL: http://wlsprd.imperial.ac.uk:80/respub/WEB-INF/jsp/search-html.jsp Request URI: /respub/WEB-INF/jsp/search-html.jsp Query String: respub-action=search.html&id=00999963&limit=30&person=true