Meriem Guerar

About me

Meriem Guerar is a senior researcher at CyberTooth research group (Guppo Sigla & CIPI) working on SSI, IoT and blockchain projects. She was involved in multiple European H2020 projects (Truth Seekers Chain, FINSEC, FILANTROPOS) and others in collaboration with Gruppo Sigla S.R.L (TiAMO, PICK-UP) and GFT S.R.L (DLI, OFION). She participated in the architecture design of Truth Seekers Chain and EBSI TRACE4EU projects. She was a postdoctoral research fellow at the University of Padova, Italy. Before that, she was a postdoctoral research fellow at the University of Genova, Italy. Her main activities include but are not limited to designing secure and usable authentication methods for ATMs, smartphones and smartwatches, analysing security of IoT setup based on LoRaWAN technology, designing and developing blockchain based solutions and evaluating its security. Since 2017, she has been focusing on Blockchain, SSI, NFTs, cryptocurrency and worked as a blockchain consultant and developer for Gruppo Sigla S.R.L and AV Technologies S.R.L.

Interests

SSI and Blockchain
Usable security
Authentication
Cyber-security

Education

Ph.D. in Computer Science, 2017

Oran University (USTO), Oran, Algeria
MSc in Computer Networks and Security, 2011

Oran University (USTO), Oran, Algeria
Bachelor in Computer Science, 2009

Oran University (USTO), Oran, Algeria

Experience

Blockchain Consultant, Gruppo Sigla

April 2022 – July 2022 | Design and development of Web3 Dapp with NFT marketplace using next.js, node.js, Solidity smart contracts and Firebase V9. Authentication using SSI model (Trinsic ID).
PostDoc at DEI, University of Padova

October 2021 – October 2022 | Title: Leveraging blockchain technology, Bot Screening and SSI to Combat Disinformation on Social Media.
DLT Consultant, AV Technologies SRL

April 2021 – July 2021 | The study, design and development of a digital platform based on DLT. Research on Fractional NFTs and Digital Product Passport.
PostDoc at the University of Genova

April 2018 – August 2021 | Title: Development of methodologies for the protection of blockchain-based financial and insurance services.
PostDoc at DEI, University of Padova

March 2017 – March 2018 | Title: Usable Security for loT- Study and development of new methodologies and new authentication and attestation mechanisms.
Exchange PhD student at DEI, Padova

September 2014 – March 2015 | Erasmus Mundus Scholarship, University of Padova, Italy
Visiting PhD student at ENSICAEN

April 2013 – Juin 2013 | Visiting PhD student at GREYC Biometric and payment lab, ENSICAEN, France

Media

CAPPCHA / Invisible CAPPCHA (Completely Automatic Public Physical test to tell Computers and Humans Apart)

Sharon Waters, I’m Not a Robot! So Why Won’t Captchas Believe Me? (2021) , WIRED.

Projects

Truth Seekers Chain

TSC is Horizon 2020 project (Trublo call) proposed by CyberTooth Team. TSC aims at designing a methodology and implementing an open ecosystem, to provide useful tools to tackle spreading of fake news and tampered contents generated by users on social media and the internet.

TRACE4EU

Ongoing Project. TRACE4EU is led by Slovenia with the participation of more than 50 European organizations and companies with the aim to design and implement holistic solutions for trustworthy products and data traceability using the European Blockchain Services Infrastructure (EBSI).

OFION

OFION (Orchestration of Financial Services On-demand) is bringing a new improvement and is further reducing time-to-cash, while bringing additional advantages such as trust, best demand/offering match or speed. It is a complete hub for all your invoice financing needs, from the optimal invoice factoring choices and cross-provider workflow execution, to the innovative value-added services for partner and customer onboarding and blockchain-based fraud prevention.

TIAMO

TIAMO project "Iot Technologies for the Marine Environment" carried out by a consortium of companies including Gruppo SIGLA. The TIAMO project includes both industrial research and experimental development activities, aimed at the design and implementation of an innovative Internet-of-Things (IoT) system focused on providing services in the marine environment. The system provides for the design of new tools aimed at the safety of navigation in coastal areas and marine protected areas, and the study of innovative sensors for the observation of water status.

FINSEC

FINSEC (Integrated Framework for Predictive and Collaborative Security of Financial Infrastructures) is a joint effort of prominent stakeholders in the financial sector and global leaders in physical & IT security, towards introducing a novel standards-based reference architecture (RA) for integrated (cyber & physical) security. The RA will enable timely preparation against attacks, while at the same time facilitating stakeholders’ collaboration for risk assessment /mitigation in the financial supply chain, as a means of confronting complex threats and their cascading effects.

Secure ATM Authentication

As a victim of skimming attack myself, I designed Color Wheel PIN (CWPIN)- an authentication mechanism resilient to brute force attacks,skimming attacks, recording attacks, spyware attack and shoulder-surfing attack.

Usable Security

2GesturePIN is a new authentication method that allows users to authenticate securely to their smartwatches and sensitive services through solely two gestures. It leverages the rotating bezel or the crown which are the most intuitive channels to interact with a smartwatch. 2GesturePIN enhances the resilience of the regular PIN to common attacks while maintaining a high level of usability.

Click Pattern

The first prototype of ClickPattern is very simple and similar to Android pattern lock, in fact, the only difference resides in how the user draws the pattern. To unlock the device, the user has to click directly on the sequence of dots that constitutes the nodes of the correct pattern instead of swiping his finger along the edges. This way, it is resilient to smudge attack. The second version illustrated in the Figure is resilient to side channel attacks as well.

Usable CAPTCHA

CAPPCHA is a promising alternative to CAPTCHA, which is based on physical nature of human instead of cognitive task. The first version of CAPPCHA consist of tilting the smartphone to a specific degree displayed on the screen. The rationale behind CAPPCHA is to use something that the user can do easily while the malware cannot. The second version is fully transparent to the users and it has been adopted by Brave Browser (ZKSENSE).

Invisible CAPPCHA

Invisible CAPPCHA, a mechanism that, leveraging trusted sensors embedded in a secure element located on a smartphone is capable of separating humans from computers in a way that is completely transparent to users. Furthermore, as no challenge is required, no additional time is needed and the user cannot fail it by mistake. This mechanism has been used by Brave Browser (ZKSENSE).

BrightPass

During the design phase of BrightPass, we noticed that screen capture and screen recording techniques do not take the display brightness setting into account. So, we used screen brightness as a secure communication channel to communicate a random sequence generated by the secure element to the user. This sequence is used to tell the user when to input correct PIN digits and when to input misleading lie digits. This way, BrightPass prevents the malware from correctly inserting the PIN code.

Publications

Migliardi, M., Guerar, M., Marzio, S., Ferrari, C. Continuous Authentication on a Smartwatch., Proceedings of the International Conference on Ubiquitous Computing & Ambient Intelligence (UCAmI 2022). UCAmI 2022. Lecture Notes in Networks and Systems , vol 594. Springer, Cham. 2022

PDF Cite
Meriem Guerar, Mauro Migliardi. TruthSeekers Chain: Leveraging Invisible CAPPCHA, SSI and Blockchain to Combat Disinformation on Social Media, Computational Science and Its Applications – ICCSA 2022 Workshops. ICCSA 2022. Lecture Notes in Computer Science, vol 13380. Springer, Cham.

PDF Cite
Meriem GuerarLuca Verderame, Mauro Migliardi, Francesco Palmieri, Alessio Merlo. Gotta CAPTCHA’Em all: a survey of 20 Years of the human-or-computer Dilemma, ACM COMPUTING SURVEYS, vol. 54, p. 1-33, ISSN: 0360-0300.

PDF Cite
Di Nardo Di Maio R., Meriem Guerar, Migliardi Mauro. ascCAPTCHA: an Invisible Sensor CAPTCHA for PCs Based on Acoustic Side Channel, 44th International Convention on Information, Communication and Electronic Technology (MIPRO), 2021, pp. 482-487.

PDF Cite
Di Nardo Di Maio R., Meriem Guerar, Mauro Migliardi, Francesco Palmieri, Luca Verderame, Alessio Merlo. Securing PIN-based authentication in smartwatches with just two gestures, CONCURRENCY AND COMPUTATION, p. 1-14, ISSN: 1532-0626,2019.

PDF Cite
Nicola Cibin, Meriem Guerar, Alessio Merlo, Mauro Migliardi, Luca Verderame. Towards a SIP-based DDoS Attack to the 4G Network, Advances in Intelligent Systems and Computing. ADVANCES IN INTELLIGENT SYSTEMS AND COMPUTING, vol. 1150, p. 857-866, Springer, ISBN: 978-3-030-44037-4, ISSN: 2194-5357

PDF Cite
Meriem Guerar,Luca Verderame, Alessio Merlo, Francesco Palmieri, Mauro Migliardi, Luca Vallerini. CirclePIN: A novel authentication mechanism for smartwatches to prevent unauthorized access to IoT devices, ACM TRANSACTIONS ON CYBER- PHYSICAL SYSTEMS, vol. 4, p. 1-19, ISSN: 2378-962X, 2020.

PDF Cite
Meriem Guerar, Alessio Merlo, Mauro Migliardi, Francesco Palmieri, Luca Verderame. A Fraud-Resilient Blockchain-Based Solution for Invoice Financing, IEEE TRANSACTIONS ON ENGINEERING MANAGEMENT, vol. 67, p. 1086- 1098, ISSN: 0018-9391, 2020.

PDF Cite
Meriem Guerar, Luca Verderame, Mauro Migliardi, and Alessio Merlo. 2GesturePIN: Securing PIN-Based Authentication on Smartwatches, IEEE 28th International Conference on Enabling Technologies: Infrastructure for Collaborative Enterprises, 2019

PDF Cite
Meriem Guerar, Luca Verderame, Alessio Merlo, and Mauro Migliardi. Blockchain-based Risk Mitigation for Invoice Financing, Proceedings of the 23rd International Database Applications & Engineering Symposium IDEAS, 2019

PDF Cite
Meriem Guerar, Alessio Merlo, Mauro Migliardi, and Francesco Palmieri. Invisible CAPPCHA: A Usable Mechanism to Distinguish Between Malware and Humans on the mobile IoT, Computers & Security, 2018

PDF Cite
Meriem Guerar, Mauro Migliardi, Alessio Merlo, Mohamed Benmohammed, Francesco Palmieri, and Aniello Castiglione. Using Screen Brightness to Improve Security in Mobile Social Network Access, IEEE Transactions on Dependable and Secure Computing, 2018

PDF Cite
Meriem Guerar, Alessio Merlo, Mauro Migliardi. Completely Automated Public Physical test to tell Computers and Humans Apart: A usability study on mobile devices , Future Generation Computer Systems, 2018

PDF Cite
Meriem Guerar, Alessio Merlo, Mauro Migliardi. ClickPattern: A Pattern Lock System Resilient to Smudge and Side-channel Attacks , Journal of Wireless Mobile Networks, Ubiquitous Computing, and Depensable Applicatios (JoWUA), 2017

PDF Cite
Meriem Guerar, Alessio Merlo, Mauro Migliardi and Mohamed Benmohammed. Click Pattern: A novel Approach to Secure Pattern Lock Systems Against Smudge and Side-channel Attacks , The 2016 International Symposium on Mobile Internet Security (MobiSec’16), 2016

PDF Cite
Meriem Guerar, Mohamed Benmohammed and Vincent Alimi. Color wheel pin: Usable and resilient ATM authentication , Journal of High Speed Networks, 2016

PDF Cite
Meriem Guerar, Mauro Migliardi, Alessio Merlo, Mohamed Benmohammed, Belhadri Messabih. A completely automatic public physical test to tell computers and humans apart: a way to enhance authentication schemes in mobile devices , IEEE 2015 International conference on High Performance Computing & Simulation, 2015

PDF Cite