Since our last Newsletter, in March 2018, new milestones and new dissemination actions have been successfully achieved. At this stage of the project we have accomplished most of the objectives and goals proposed at the beginning of the project. What follows is a brief report of the main achievements of CIPSEC, emphasizing the dissemination and the technical aspects of the work that has been performed.
DISSEMINATION ACTIVITIES
Blog
Eight new CIPSEC blog entries (http://www.cipsec.eu/auto/blog) have been released with monthly periodicity:
- It’s the people… by Kostas Lampropoulos from University of Patras, March 2018.
- Distributed IoT security provisioning in Critical Infrastructures with Quality of Service (QoS) by Sarang Kahvazadeh, PhD Researcher from Polytechnic University of Catalonia, April 2018.
- Critical Infrastructures and Cascade Effects: a study on the use of ABM to simulate the spread of viruses and the adoption of policies to prevent their spread by Vittorio Vallero and Barbara Lunel from CSI, June 2018.
- ICS/SCADA networks threats and defenses by Manos Athanatos from FORTH, July 2018.
- Industry and Science encountering railway security together by Markus Heinrich from Technische Universität Darmstadt, July 2018.
- Security4Safety - Enabling Digitalization for railways by Christian Schlehuber from Deutsche Bahn, October 2018.
- Cyber-security in Healthcare by Joan Maria Arenas Gómez from HCB, November 2018.
- Identifying Security Risks by Conducting Vulnerability Assessments by Baruch Menahem from COMSEC, November 2018.
In September 2018, we released four new videos on our CIPSEC YouTube channel. The first three are promotional communication videos, useful when attending different kinds of events, in three different durations: short, medium and extended:
- Short: https://www.youtube.com/watch?v=0DIpSDlOPvE&feature=youtu.be
- Medium/Teaser: https://www.youtube.com/watch?v=vB0UATYfnoQ&feature=youtu.be
- Extended: https://www.youtube.com/watch?v=n2nGPkBBg4c&feature=youtu.be
Apart from these more business-oriented videos, and to raise more awareness about the project, the CIPSEC Consortium has produced a fourth video this year, explaining in a friendly and understandable way (animation) the cybersecurity challenges that critical infrastructure operators are facing and how CIPSEC’s proposed solution is able to bridge the existing gaps.
Liaisons and related events
During the last six months, CIPSEC has been present in more than eight cybersecurity events. Some of the most notable ones are:
- Cyberwatching Concertation meeting, where Rodrigo Diaz from ATOS presented the CIPSEC project.
- The 54th TF-CSIRT meeting in Warsaw, where Panos Chatziadam from FORTH presented the CIPSEC project.
- FORTH organized the 5th NIS 2018 Summer School, and CIPSEC was present in the poster session.
- CIPSEC was presented by WoS at the Cybertech 2018 conference in Rome, Italy, on September 26th.
- WoS also presented CIPSEC at the IOT Solutions World Congress 2018 in Barcelona, Spain, on October 16th.
- CIPSEC was presented by CSI at the Cyber Security Week 2018 in The Hague, Netherlands, on November 3rd.
- ATOS also participated at the European Cybersecurity Forum in Krakow, Poland, on behalf of CIPSEC on October 8th.
- CIPSEC was present at the ICS Cybersec 2018 conference in Israel represented by COMSEC in November.
- Finally, the most important event where CIPSEC participated was the ICT 2018: Imagine Digital-Connect Europe event in Wien, Austria, in December 2018. In this event CIPSEC shared a booth with six more cyber security projects covering the topic of IoT Security and Privacy. CIPSEC provided a prototype and demonstrated a collection of scenarios where different attacks were detected by CIPSEC.
- CIPSEC Sixth General Assembly meeting. The meeting was hosted by WoS in Barcelona on May 8-9, 2018, and it included a collocated presentation of the project to CIPSEC’s external advisory board.
- CIPSEC Seventh General Assembly Meeting. The meeting was held successfully on October 17-18, 2018 in Frankfurt, Germany, and was organized by DB.
Co-located with the seventh general assembly, the CIPSEC Consortium organized a training session addressed to Deutsche Bahn staff, held in DB premises in Frankfurt on October 18.
Taking advantage of the seventh general assembly, the consortium also organized a CIPSEC exploitation workshop in Frankfurt on October 18-19, with around 20 participants. Partners presented the business plans for six individual commercial products and investigated the possible ways of joint exploitation.
The 3rd CIPSEC workshop, the International Workshop on Information & Operational Technology (IT & OT) security systems, IOSec 2018, was organized by UoP in collaboration with TUD and collocated with the 21st International Symposium on Research in Attacks, Intrusions and Defenses (RAID 2018), on September 13, 2018, in Heraklion, Crete, Greece. The IOSec 2018 workshop technical program included 12 research papers, 5 of them from CIPSEC partners, and an invited talk by Dr Petros Efstathopoulos from Symantec Research Labs (SRL).
During this period, the CIPSEC consortium achieved the publication of:
15 new conference/workshop papers or posters:
- “A Flexible Leakage Trace Collection Setup for Arbitrary Cryptographic IP Cores” by A. Moschos, A.P. Fournaris, O. Koufopavlou from UoP on the IEEE International Symposium on Hardware Oriented Security and Trust 2018 (IEEE HOST 2018)
- “Reliable Monitoring of Cloud Services” by Heng Zhang, Jesús Luna García, Neeraj Suri and Rubén Trapero from TUD and ATOS in IEEE SmartComp 2018.
- “Trusted Hardware Sensors for Anomaly Detection in Critical Infrastructure System” by A. P. Fournaris, K. Lampropoulos, O. Koufopavlou from UoP, on the 7th International Conference on Modern Circuits and Systems Technologies (MOCAST) on Electronics and Communications 2018.
- “A Genetic Algorithm for Obtaining Memory Constrained Near-Perfect Hashing”, Dan Domnita and Ciprian Oprisa from BD presented at International Conference on Automation, Quality and Testing, Robotics.
- “Flashlight: A Novel Monitoring Path Identification Schema for Securing Cloud Services”, Heng Zhang, Ruben Trapero, Jesus Luna, Neeraj Suri, presented on the ARES 2018 conference.
- “A Composite Malicious Peer Eviction Mechanism for Super-P2P Systems”, Hatem Ismail, Stefanie Roos and Neeraj Suri from TUD on the Conference: 2018 17th IEEE International Conference On Trust, Security And Privacy In Computing And Communications.
- “Protecting Cloud-based CIs: Covert Channel Vulnerabilities at the Resource Level”, Tsvetoslava Vateva-Gurova, Salman Manzoor, Ruben Trapero and Neeraj Suri, from TUD and ATOS presented on the 3rd CIPSEC workshop (IOSec 2018).
- “A Secure and Efficient File System Access Control Mechanism (FlexFS)”, Jihane Najar and Vassilis Prevelakis from AEGIS presented on the 3rd CIPSEC workshop (IOSec 2018).
- “Threat Modeling the Cloud: An Ontology Based Approach” Salman Manzoor, Tsvetoslava Vateva-Gurova, Ruben Trapero and Neeraj Suri from TUD and ATOS, presented on the 3rd CIPSEC workshop (IOSec 2018).
- “Automated Measurements of Cross-Device Tracking”, Konstantinos Solomos, Panagiotis Ilia, Sotiris Ioannidis and Nicolas Kourtellis from FORTH, presented on the 3rd CIPSEC workshop (IOSec 2018).
- “Full Content Search in Malware Collections”, Andrei Mihalca and Ciprian Oprisa from BD, presented on the 3rd CIPSEC workshop (IOSec 2018).
- “InfoLeak: Scheduling-based Information Leakage” Tsvetoslava Vateva-Gurova, Salman Manzoor, Yennun Huang and Neeraj Suri from TUD, presented on the 23rd IEEE Pacific Rim International Symposium on Dependable Computing (PRDC 2018).
- “Security Analysis of the RaSTA Safety Protocol”, Markus Heinrich, Jannik Vieten, Tolga Arul, Stefan Katzenbeisser from TUD on the IEEE Intelligence and Security Informatics (ISI) 2018.
- Poster: “Andromeda: A Trusted Execution Framework for Android Based on Secure Enclaves” Dimitris Karnikis and Sotiris Ioannidis from FORTH, on the Parallel Architectures and Compilation Techniques (PACT18) conference.
- Poster: “GHammer: A GPGPU Rowhammering Attack”, Georgios Anagnopoulos, Sotiris Ioannidis from FORTH, on the Parallel Architectures and Compilation Techniques (PACT18) conference.
3 journal publications:
- “Does k-Anonymous Microaggregation Affect Machine-Learned Macrotrends?”, Ana Rodríguez Hoyos, José Estrada Jiménez, David Rebollo Monedero, Javier Parra Arnau, and Jordi Forné from UPC published on IEEE Access (Volume: 6), May 2018.
- “Network Topology Effects on the Detectability of Crossfire Attacks” by Christos Liaskos, Sotiris Ioannidis from FORTH, published on IEEE Transactions on Internet Forensics and Security Volume: 13, Issue: 7, July 2018.
- “Design and Leakage Assessment of Side Channel Attack Resistant Binary Edwards Elliptic Curve Digital Signature Algorithm Architectures”, Apostolos P. Fournaris, Charalambos Dimopoulos, Athanassios Moschos and Odysseas Koufopavlou from UoP, accepted for publication on Microprocessors and Microsystems, Volume 64, February 2019, Pages 73-87.
1 Magazine publication:
- “CIPSEC: A Commitment for the future of Critical Infrastructures”, Antonio Álvarez and Joaquín Rodríguez published in ERCIM News, October 2018.
Glossary:
- UPC prepared the CIPSEC glossary (terms used in deliverables of the project until M18). A new release of this glossary is being prepared to appear at the end of this year.
Survey:
- WoS prepared a Survey: “Security for Critical Environments” regarding the needs and wishes of critical infrastructures about Security solutions.
TECHNICAL ACTIVITIES
Work packages and milestones
WP2
The main milestone of this work package in this period was:
- Prototype ready for the operation environment tests verified by means of deliverables D2.5 and D2.6:
Deliverable D2.5 covers three main topics: firstly, it documents the final version of the reference architecture, which was refined after being first published in D2.2 (M18). Secondly, it offers technical details regarding the first software release of the CIPSEC platform, i.e. the initial version of the CIPSEC Framework prototype. Finally, it addresses two important methodology aspects: the guidelines to be followed to integrate the components and the CIPSEC Framework extension, taking the architecture as a starting point.
Deliverable D2.6 justifies the implementation of the CIPSEC framework. The main objective of this implementation is to allocate the different tools and to provide a full picture of the security level of the tested environment as well as the offered mitigation; comprehensive security assessments of the critical infrastructure must be carried out both before and after the deployment of the solution. This deliverable also presents a methodology and proposed tests to evaluate the security level of critical infrastructures. Finally, this deliverable presents the CIPSEC solution deployment and the prototype building phases that have been designed to demonstrate the CIPSEC framework.
CIPSEC DASHBOARD
Since the last Newsletter, we have been progressing in the development of the unified framework. The CIPSEC dashboard now allows access to registered users; for the time being we have four registered users, one for each of the pilots and one for the prototype user. The tools included in the dashboard are:
- Anomaly Detection Reasoner
- Honeypots
- Anti-malware
- Jamming detector
- Anonymization tool
The services included in the dashboard are:
- Forensic service
- Vulnerability
- Contingency plan
- Training courses
- Updating and Patching
WP3
The main milestones of this work package for this period have been:
- Adapted and optimized solution for the selected pilots verified by means of deliverables:
- D3.5 Pilot I Integration Incident Response for Railway use case
- D3.6 Pilot II Integration: Hospital's Operational Technology Management System use case
- D3.7 Pilot III Integration: Air Quality Monitoring System use case
This milestone and the different deliverables describe the efforts carried out and the needed steps to deploy the CIPSEC platform in each one of the pilots. These steps are deployment, integration and validations.
- Final report on CIs intra/interdependencies analysis verified by means of the deliverable:
- D3.8 CIPSEC Intra / Inter dependencies Analysis Report
After the identification of possible cascading effects performed in D3.4, in this milestone and the corresponding deliverable we tried to identify some non-secondary aspects that were not included in D3.4, such as dependability, described as the measure of some features including security. The use of the agent-based model (ABM) investigation tool is also proposed, deploying realistic scenarios of events that can intervene on critical infrastructures seen as Complex Adaptive Systems. The collection of information deriving from the analysis of inter and intra dependencies will be one of the bases for the definition of pilot tests before and after the adoption of CIPSEC solutions.
CSI pilot: cascading effect due to the alteration of data
- List of policies for the CIPSEC prototype verified by means of deliverable:
- D3.9 Complete Complexity Analysis
The main contribution of this milestone and the corresponding deliverable is the revision of the proposed CIPSEC architecture (general solution) and the comparison with the tailor-made CIPSEC solution (particular solution for each pilot) against security solutions which are based on individual products. The conclusion is that the CIPSEC framework is flexible enough to fit any critical infrastructure after tailoring and customizing it according to the particular needs and characteristics, as presented with potential examples as well as actual examples taken from the pilots. Secondly, we can spot several advantages of the CIPSEC solution compared to an individual products deployment, as mentioned above.
WP4
This WP focuses on the efforts required to build a working prototype to run on operational CI scenarios, and the milestones achieved for this period have been:
- Trials settings and configuration verified by means of the deliverable:
- D4.1 Trial scenario definitions and evaluation methodology specification
This milestone and deliverable focus on the detailed description and definition of test scenarios that show the performance and the capabilities of the CIPSEC framework, as well as on a methodology for the evaluation and validation of the project results. In addition, this document performs an initial planning of the CIPSEC framework deployment that will be further refined in the next WP4 deliverables, especially D4.4. The main methodology followed for preparing these test scenarios has been:
- Establish a common and systematic way of describing test scenarios.
- Adopt a methodology used to evaluate test results and the effectiveness of the CIPSEC framework.
- Describe composite test scenarios that cover a wide range of the CIPSEC framework capabilities.
- System ready for the experimentation verified by means of deliverable:
- D4.2 System ready for validation activities
To perform the final experimentation in the three pilots we need to identify the gaps between the planning of the tests (proposed in D4.1) to be carried out in the three pilots upon the deployment of the tools, and the final test reports (to be provided by D4.3), including all changes to the test specifications of the integrated products and services (the complete security framework). We also report the configuration of the deployed solutions per pilot. It is shown and documented that each deployed solution works correctly and is able to communicate with the CIPSEC framework.
Trial Specifications for DB Pilot