ARC@ORU: Guest speakers within the area of Cybersecurity

No registration is needed

Participate on site: Visual Lab, ARC house

Participate via Zoom: Use this link

---

TALK 1

Securing Modern Vehicles: Electric Charging and In-Vehicle Communication Protocols

Speaker

Denis Donadel, postdoctoral researcher at the University of Verona, working on the cybersecurity of cyber-physical systems under the supervision of Prof. Massimo Merro. He received his PhD in Brain, Mind and Computer Science (BMCS) from the University of Padua in 2024, under the supervision of Prof. Mauro Conti, with a thesis focused on the security of modern vehicles. In 2021, he was awarded a New Generation Internet (NGI) Explorers grant to support a collaboration with the University of Washington (Seattle, USA). This collaboration led to a research visit in 2023 under the supervision of Prof. Radha Poovendran.

About the talk

This talk investigates the security of modern vehicles as complex Cyber-Physical Systems (CPSs). While increased connectivity and computational capabilities enhance functionality and safety, they also enlarge the attack surface, introducing new risks to both security and privacy. The presentation summarizes findings from different important research directions addressing vulnerabilities in contemporary automotive technologies.

The first part examines emerging threats in electric vehicles connected to the smart grid. In particular, it introduces EVExchange, the first relay attack targeting Vehicle-to-Grid interactions, and discusses potential countermeasures to mitigate this threat.

The second part focuses on securing in-vehicle communications, particularly the CAN bus, a legacy protocol lacking built-in security features. Although numerous intrusion detection systems have been proposed, high false-positive rates remain a major limitation to practical deployment. This talk presents CANTXSec, a deterministic mechanism that correlates Electronic Control Unit activations with bus traffic to detect and prevent specific attacks while reducing false positives.

Finally, the presentation examines vulnerabilities in driver-behavior-based authentication systems, outlines adversarial attacks against them, and provides insights for their secure deployment.

---

TALK 2

Trust No Sensor: Practical Attacks on Drone Perception, Navigation, and Control

Speaker

Eleonora Amadori, cybersecurity researcher and MSc student in Cybersecurity at the University of Padua, affiliated with the SPRITZ Security and Privacy Research Group. Her research focuses on the security of cyber-physical systems and UAVs, with emphasis on sensor-based attacks, wireless communication vulnerabilities, and side-channel analysis. She has worked on experimental testbeds for drone fingerprinting via wireless charging profiles and on attacks targeting UAV proximity sensors and telemetry systems. Her work combines hardware experimentation, software-defined radio analysis, and machine learning techniques for security evaluation. She was awarded the 1st CLUSIT Thesis Prize for research on drone fingerprinting and is actively involved in multidisciplinary research on CPS security, cyber threat intelligence and AML tecniques.

About the talk

Unmanned Aerial Vehicles (UAVs) represent a critical class of cyber-physical systems, increasingly adopted in both civilian and strategic domains. However, their reliance on heterogeneous sensors, wireless communication, and autonomous control loops exposes them to a wide attack surface.This talk provides an overview of the main practical attack vectors against drone systems. First, we examine sensor-based attacks, including optical flow manipulation and acoustic interference against MEMS gyroscopes, showing how physical signals can be exploited to alter flight behavior. Second, we analyze GPS spoofing and drone hijacking techniques, highlighting how the lack of authentication in GNSS systems enables adversaries to manipulate navigation and capture drones through controlled trajectory deviations. Finally, we discuss side-channel and fingerprinting attacks, demonstrating how non-traditional signals such as charging profiles and proximity sensors can leak sensitive information or be used for device identification and control.

The discussion is grounded in realistic attacker models leveraging low-cost hardware and emphasizes the implications for safety, integrity, and control of UAV systems. The goal is to provide a concise yet technically rigorous overview of the most impactful and experimentally validated attack classes in drone security and current research projects.