Christian Coduri

Cybersecurity Researcher and PhD student at Politecnico di Torino

Research interests: AI Security · Privacy-preserving ML · Medical Data Security

Publications

[Full list of publications here]

A Framework for Secure Sharing of Medical Images Based on Visual Cryptography

Christian Coduri, Stelvio Cimato
COMPSAC, 2025

A secure method for sharing and storing diagnostic exam results in DICOM format, utilizing steganography and visual cryptography to protect both metadata and pixel data.

Paper

In the domain of medical data security, the confidentiality and integrity of diagnostic exam results are crucial. However, the use of DICOM files, the standard format for storing and sharing medical images like X-rays and MRIs, can pose security risks because they are not subject to encryption requirements. As a result, these files rely heavily on the security measures implemented within the healthcare institution’s networks and databases, which are often inadequate in preventing unauthorized access, data tampering, or malicious injections.

The goal of this paper is to propose a secure method for sharing and storing diagnostic exam results, ensuring the confidentiality of the information while safeguarding patient privacy. The proposed solution operates directly on DICOM files, utilizing steganography and visual secret sharing to protect and maintain the security of both metadata and pixel data.

Additional information: This work was derived from my Bachelor's thesis.

Selected among top 100 Italian cryptography theses (2017–2024)

Bachelor Thesis (ITA) · Thesis Presentation Video (ITA)

Talks

May 21st, 2026

milan0day 2026

Breaking Pacemaker Authentication with Formal Methods

A talk on how formal verification (using ProVerif) can uncover subtle authentication flaws in implantable medical device protocols.

Recording · Slides

Implantable medical devices such as pacemakers are wireless, networked computers embedded in the human body. Like any connected system, they rely on authentication and access control protocols to determine who can communicate with them and under what conditions.

This talk begins with an overview of the main security architectures proposed in the medical device literature, including proximity-based schemes, biometric authentication, proxy-based guardians, and hybrid designs. We examine how they work, their security guarantees, and the assumptions on which they depend.

From there, we shift to a security engineer’s perspective. What happens when we stop trusting the design and formally verify it? Using ProVerif, we demonstrate how security protocols can be modeled, how adversarial capabilities are defined, and how formal verification tools can uncover attack paths beyond human intuition.

Finally, we present the formal analysis of a widely known implantable device protocol. Our verification reveals a subtle authentication flaw that enables session key forgery and device impersonation without breaking any cryptographic primitive. The math holds. The logic doesn’t.

Projects

About Me

View CV

Last updated: May 24, 2026

Copyright © Christian Coduri 2024 - 2026