Kilinc G.,Izmir Institute of Technology | Nai Fovino I.,Global Cyber Security Center
Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) | Year: 2013

The security of the ICT (Information Communications Technology) components of industrial systems is gaining great importance in the context of their criticality for society at large. There is an urgent need for the consideration of security in their design, and for the analysis of the related vulnerabilities and potential threats. The high exposure of industrial critical infrastructure to such threats is mainly due to the intrinsic weakness of the communication protocols used to control the process network. The peculiarities of the industrial protocols (low computational power, large geographical distribution, near real-time constraints) make it hard to use traditional cryptographic schemes effectively, and in particular to implement an effective key management infrastructure supporting a cryptographic layer. In this paper we present the first working prototype of a distributed key generation infrastructure for SCADA systems based on the well-known identity-based crypto-paradigm. © 2013 Springer-Verlag.


Baldini G.,European Commission - Joint Research Center Ispra | Fovino I.N.,Global Cyber Security Center | Braghin S.,Nanyang Technological University | Trombetta A.,University of Insubria
Security and Communication Networks | Year: 2013

Cognitive radio is a novel wireless communication technology that allows for adaptive configuration of the reception parameters of a terminal, based on the information collected from the environment. Cognitive radio technology can be used in innovative spectrum management approaches such as spectrum sharing, where radio frequency spectral bands can be shared among various users through a dynamic exclusive-use spectrum access model. Spectrum sharing can be applied to various scenarios in the commercial, public safety and military domain. In some scenarios, spectrum sharing demands a mechanism for expressing and enforcing access control policies for the allocation of resources including spectral bands. The access control policies should state what are the available resources (e.g., transmission/reception bandwidths), what are the users that are allowed to access them and under what conditions. However, because of the intrinsically highly dynamic nature of specific scenarios (e.g., public safety, military), where parties with various levels of authority may suddenly appear, it may be difficult to establish in advance what are the most suitable access control policies. Trust negotiation is a well-known approach for expressing and enforcing distributed access control policies that depend on two or more parties. In this work, we present a trust negotiation-based framework that allows for the definition of highly expressive and flexible distributed access control policies for the allocation of spectrum resources. Copyright © 2012 John Wiley & Sons, Ltd.

Cognitive radio is a novel wireless communication technology that allows new spectrum management models, where radio frequency spectral bands can be shared among various users. Spectrum sharing demands a mechanism to regulate the allocation of spectrum resources in a secure way. In this paper, we present a trust negotiation-based framework that allows for the definition of highly expressive and distributed access control policies for the allocation of spectrum resources. © 2012 John Wiley & Sons, Ltd.


Kilinc G.,Izmir Institute of Technology | Fovino I.N.,Global Cyber Security Center | Ferigato C.,European Commission - Joint Research Center Ispra | Koltuksuz A.,Yasar University
IFAC Proceedings Volumes (IFAC-PapersOnline) | Year: 2012

The cyber-security of industrial control systems (ICS) is gaining high relevance due to the impact of industrial system failures on citizens' lives. There is an urgent need for the consideration of security in their design, and for the analysis of the related vulnerabilities and potential threats. The high exposure of industrial critical infrastructure to cyber-threats is mainly due to the intrinsic weakness of the communication protocols used to control the process network. The peculiarities of the industrial protocols (low computational power, large geographical distribution, near real-time constraints) make it hard to use traditional cryptographic schemes effectively, and in particular to implement an effective key management infrastructure supporting a cryptographic layer. In this paper, we describe a "model of distributed key generation for industrial control systems" we have recently implemented. The model is based on a known Distributed Key Generator protocol we have adapted to an industrial control system environment and to the related communication protocol (Modbus). To validate in a formal way selected security properties of the model, we introduced a Petri Nets representation. This representation allows for modeling attacks against the protocol and understanding some potential weaknesses of its implementation in the industrial control system environment.


Grant
Agency: Cordis | Branch: FP7 | Program: CP-FP | Phase: SEC-2013.2.5-2 | Award Amount: 3.75M | Year: 2014

Some progress has been made in understanding and managing cyber crime as well as assessing its economic impact. Yet much remains to be done. Lack of co-ordination in law enforcement and legislation, lack of common consensus on the nature of cyber crime and lack of knowledge sharing and trust are just some of the issues that both afflict cyber crime responses and cloud our understanding of cyber crime. E-CRIME addresses these well-known problems, while analysing the economic impact of cyber crime and developing concrete measures to manage risks and deter cyber criminals in non-ICT sectors. E-CRIME does so by adopting an interdisciplinary and multi-level, stakeholder-focused approach that fully integrates a wide range of stakeholders' knowledge and insights into the project. First, the project will create a detailed taxonomy and inventory of cyber crime in non-ICT sectors and analyse cyber criminal structures and economies by combining the best existing data sources with specialist new insights from key stakeholders and experts. Second, E-CRIME will assess existing counter-measures against cyber crime in non-ICT sectors in the form of current technology, best practices, policy and enforcement approaches, and awareness and trust initiatives. Third, having mapped the as-is of cyber crime, the project will use available information and new data to develop a multi-level model to measure the economic impact of cyber crime on non-ICT sectors. Fourth, E-CRIME will integrate all its previous findings to identify and develop diverse, concrete counter-measures, combined in portfolios of inter-sector and intra-sector solutions, including enhancement for crime-proofed applications, risk management tools, policy and best practices, and trust and confidence measures. The analysis will proceed in close co-operation with relevant and diverse stakeholders. This will be achieved through conducting interviews and surveys, organising workshops and setting up an E-CRIME Stakeholder Forum.


Leszczyna R.,Technical University of Gdansk | Fovino I.N.,Global Cyber Security Center | Masera M.,European Commission
IET Information Security | Year: 2011

This study presents an approach to the security assessment of the information systems of critical infrastructures. The approach is based on the faithful reconstruction of the evaluated information system in a computer security laboratory followed by simulations of possible threats against the system. The evidence collected during the experiments, stored and organised using a proprietary system InSAW, may later be used for the creation of trust cases which provide valuable information for the end users of the infrastructure. Another new proposal is MAlSim - a mobile agent-based simulator of malicious software (viruses, worms, etc.). To the best of the authors' knowledge, such a simulator has not been proposed before. The present approach was applied to the verification of the security of industrial control systems and power plants. In the study, one of the experiments related to the security study of an information system of a power plant, a simulation of a zero-day worm attack, is described. © 2011 The Institution of Engineering and Technology.
