Meriem Guerar

About me

Meriem Guerar is a senior researcher at the CyberTooth research group (Gruppo Sigla & CIPI) working on SSI, IoT and blockchain projects. She was involved in multiple European H2020 projects (Truth Seekers Chain, FINSEC, FILANTROPOS) and others in collaboration with Gruppo Sigla S.R.L (TiAMO, PICK-UP) and GFT S.R.L (DLI, OFION). She participated in the architecture design of the Truth Seekers Chain and EBSI TRACE4EU projects. She was a postdoctoral research fellow at the University of Padova, Italy. Before that, she was a postdoctoral research fellow at the University of Genova, Italy. Her main activities include, but are not limited to, designing secure and usable authentication methods for ATMs, smartphones and smartwatches, analysing the security of IoT setups based on LoRaWAN technology, and designing and developing blockchain-based solutions and evaluating their security. Since 2017, she has been focusing on blockchain, SSI, NFTs and cryptocurrency, and has worked as a blockchain consultant and developer for Gruppo Sigla S.R.L and AV Technologies S.R.L.

Interests

  • SSI and Blockchain
  • Usable security
  • Authentication
  • Cyber-security

Education

  • Ph.D. in Computer Science, 2017

    Oran University (USTO), Oran, Algeria

  • MSc in Computer Networks and Security, 2011

    Oran University (USTO), Oran, Algeria

  • Bachelor in Computer Science, 2009

    Oran University (USTO), Oran, Algeria

Experience

  • Blockchain Consultant, Gruppo Sigla

    April 2022 – July 2022 | Design and development of Web3 Dapp with NFT marketplace using next.js, node.js, Solidity smart contracts and Firebase V9. Authentication using SSI model (Trinsic ID).

  • PostDoc at DEI, University of Padova

    October 2021 – October 2022 | Title: Leveraging blockchain technology, Bot Screening and SSI to Combat Disinformation on Social Media.

  • DLT Consultant, AV Technologies SRL

    April 2021 – July 2021 | The study, design and development of a digital platform based on DLT. Research on Fractional NFTs and Digital Product Passport.

  • PostDoc at the University of Genova

    April 2018 – August 2021 | Title: Development of methodologies for the protection of blockchain-based financial and insurance services.

  • PostDoc at DEI, University of Padova

    March 2017 – March 2018 | Title: Usable Security for IoT - Study and development of new methodologies and new authentication and attestation mechanisms.

  • Exchange PhD student at DEI, Padova

    September 2014 – March 2015 | Erasmus Mundus Scholarship, University of Padova, Italy

  • Visiting PhD student at ENSICAEN

    April 2013 – June 2013 | Visiting PhD student at GREYC Biometric and payment lab, ENSICAEN, France

Media


CAPPCHA / Invisible CAPPCHA (Completely Automatic Public Physical test to tell Computers and Humans Apart)

Projects

Truth Seekers Chain

TSC is a Horizon 2020 project (Trublo call) proposed by the CyberTooth Team. TSC aims at designing a methodology and implementing an open ecosystem to provide useful tools to tackle the spread of fake news and tampered content generated by users on social media and the internet.

TRACE4EU

Ongoing Project. TRACE4EU is led by Slovenia with the participation of more than 50 European organizations and companies with the aim to design and implement holistic solutions for trustworthy products and data traceability using the European Blockchain Services Infrastructure (EBSI).

OFION

OFION (Orchestration of Financial Services On-demand) is bringing a new improvement and is further reducing time-to-cash, while bringing additional advantages such as trust, best demand/offering match or speed. It is a complete hub for all your invoice financing needs, from the optimal invoice factoring choices and cross-provider workflow execution, to the innovative value-added services for partner and customer onboarding and blockchain-based fraud prevention.

TIAMO

The TIAMO project "IoT Technologies for the Marine Environment" is carried out by a consortium of companies including Gruppo SIGLA. The TIAMO project includes both industrial research and experimental development activities, aimed at the design and implementation of an innovative Internet-of-Things (IoT) system focused on providing services in the marine environment. The system provides for the design of new tools aimed at the safety of navigation in coastal areas and marine protected areas, and the study of innovative sensors for the observation of water status.

FINSEC

FINSEC (Integrated Framework for Predictive and Collaborative Security of Financial Infrastructures) is a joint effort of prominent stakeholders in the financial sector and global leaders in physical & IT security, towards introducing a novel standards-based reference architecture (RA) for integrated (cyber & physical) security. The RA will enable timely preparation against attacks, while at the same time facilitating stakeholders’ collaboration for risk assessment/mitigation in the financial supply chain, as a means of confronting complex threats and their cascading effects.

Secure ATM Authentication

As a victim of a skimming attack myself, I designed Color Wheel PIN (CWPIN), an authentication mechanism resilient to brute force attacks, skimming attacks, recording attacks, spyware attacks and shoulder-surfing attacks.

Usable Security

2GesturePIN is a new authentication method that allows users to authenticate securely to their smartwatches and sensitive services through solely two gestures. It leverages the rotating bezel or the crown which are the most intuitive channels to interact with a smartwatch. 2GesturePIN enhances the resilience of the regular PIN to common attacks while maintaining a high level of usability.

Click Pattern

The first prototype of ClickPattern is very simple and similar to the Android pattern lock; in fact, the only difference resides in how the user draws the pattern. To unlock the device, the user has to click directly on the sequence of dots that constitutes the nodes of the correct pattern instead of swiping a finger along the edges. This way, it is resilient to smudge attacks. The second version illustrated in the Figure is resilient to side channel attacks as well.

Usable CAPTCHA

CAPPCHA is a promising alternative to CAPTCHA that is based on the physical nature of humans instead of a cognitive task. The first version of CAPPCHA consists of tilting the smartphone to a specific degree displayed on the screen. The rationale behind CAPPCHA is to use something that the user can do easily while the malware cannot. The second version is fully transparent to the users and it has been adopted by Brave Browser (ZKSENSE).

Invisible CAPPCHA

Invisible CAPPCHA is a mechanism that, leveraging trusted sensors embedded in a secure element located on a smartphone, is capable of separating humans from computers in a way that is completely transparent to users. Furthermore, as no challenge is required, no additional time is needed and the user cannot fail it by mistake. This mechanism has been used by Brave Browser (ZKSENSE).

BrightPass

During the design phase of BrightPass, we noticed that screen capture and screen recording techniques do not take the display brightness setting into account. So, we used screen brightness as a secure communication channel to communicate a random sequence generated by the secure element to the user. This sequence is used to tell the user when to input correct PIN digits and when to input misleading lie digits. This way, BrightPass prevents the malware from correctly inserting the PIN code.

Publications