Cyber Security and Privacy
Jovan Golić
CySeP Winter School, Stockholm, 2014
• EIT ICT Labs is one of the first Knowledge and Innovation Communities set up in 2010 by the European Institute of Innovation and Technology (EIT), as an initiative of the European Union, motivated by an urgent need to strengthen the ICT competence in Europe
• EIT ICT Labs’ mission is to drive European leadership in ICT innovation for economic growth and quality of life:
  • by linking Education, Research & Business
  • through 8 thematic + 2 educational action lines, co-location centers, network of partners, and business development accelerator for start-ups and SMEs
• Finalization stages of research & innovation aiming at bringing to market innovative ICT products and services are funded through 1-year projects conducted by the partners, together with others through sub-granting (up to 60k€) and sub-contracting
EIT ICT Labs
http://www.eitictlabs.eu
• Cyber security can generally be considered as information/data security in cyberspace
• In practice, it relates to offensive and defensive techniques, used respectively for performing attacks and defences
• Defensive techniques can be attack-based (e.g. anti-malware signature-based techniques or security patches against SW vulnerabilities) or generic (e.g. anomaly-based/behaviour-based techniques); the latter are more effective against unknown attacks and less effective against known attacks
• Techniques include traffic or event monitoring, data analytics, attack detection and prevention (gateways, firewalls, IDS/IPS), tracking, tracing, incident management & emergency response, information sharing (SOCs and CERTs), security policies, and risk management
• Attacks can aim at DoS/DDoS, fraud, malfunctioning, physical damage (cyber physical systems), defamation, data theft, terrorism, cyberwar; they appear to evolve exponentially!
• Current situation and trends are unsatisfactory!
Cyber Security
• Data integrity – data received/retrieved in original form
  • via secret tag for detection of unauthorized changes
• Data confidentiality – data intelligible only to desired entities
  • via secret reversible transformation of data
• Data availability – data available on request
  • via redundancy, dynamic testing, recovery
• Entity authentication and identification – of entities (e.g., persons, organizations, things) creating, sending, receiving, or retrieving data
  • via verification of real-world physical/logical attributes and time of communication, authentication protocols
• Security is relative to attacks – types, objectives, impact, scale
• Security is relative to attackers – skills, sophistication, resources
• Security has a cost – widespread usage reduces the costs and enables security-by-design
• Security as a business opportunity rather than an obstacle
Data Security
• Data privacy is about the security of personal data and of any sensitive data regarding citizens, private or public companies, institutions, and organizations (e.g., IoT data, industrial secrets)
• Data privacy is also about the user’s control of sensitive data according to the minimality principle
• Minimality principle: Sensitive data should be controlled by the user during the whole lifecycle and disclosed to the lowest possible extent for a minimum period of time only to entities and for purposes authorized by the user. Ideally, this principle should guide the balance between data disclosure and usability. Rarely applied in practice.
• One reason is massive user profiling by online service providers, since user data has market value. Another reason is the surveillance and lawful interception by government agencies and law enforcement authorities to help detect and monitor social threats, and detect, track, and investigate criminal or terrorist activities.
• Alert: Massive user profiling becomes massive citizen profiling if identity attributes are associated with user profiles
Data Privacy - 1
• Protect data privacy against insider attacks: traceable system administrator interventions, integrity of logs and audit trails, strong authentication, shared access & control, separation of duties
• Privacy paradigm shift:
  • Enforce the minimality principle
  • Support data privacy by practical advanced cryptographic techniques, including privacy-preserving data mining and profiling, secure multiparty computation, practical homomorphic encryption, secret sharing, threshold cryptography, anonymization, anonymity protocols, anonymous credentials, attribute-based encryption, format- and syntax-preserving encryption, searchable encryption, end-to-end encryption, and SW obfuscation, in addition to traditional techniques
• Address accountability by techniques for revocable anonymity
• Protection of sensitive data requires privacy-aware security platforms and mechanisms in both software and hardware
• N.B. Data protection laws depend on physical location of data!
Data Privacy - 2
• Level of confidence that a product or service or process in digital world is functioning accordingly – relative, conditional, time dependent
• Has a subjective component and an objective component, which can be called trustworthiness
• Best practices and reputation are fundamental
• The problem is that data security is complex, relative, conditional, difficult to verify
• Trust + Distrust + Uncertainty = 1
• Increase trust directly or by decreasing distrust or uncertainty
• Factors: policies and agreements, liability, reputation, best practices, assurance levels, technical and technological assurance, transparency, verifiability, auditing, cost-effective certification, information sharing, awareness, knowledge
Digital Trust
• Mission: Support users and businesses in protecting their digital assets and transactions, promoting robust and safe products and services that realize data privacy and security
• Privacy: Security & User’s Control of sensitive data
• Minimality principle: Disclose sensitive data to a minimum extent
• Misconception 1: Address cyber security by counteracting attacks and SOCs/CERTs only
• Misconception 2: Cyber security is possible without privacy
• Strategy: Address cyber security and privacy proactively, by deploying trustworthy and transparent innovative technologies bridging the gaps between available techniques and practice; promote «security & privacy by design» paradigm; raise social awareness
• Priorities 2014-2016:
  • Privacy-aware federated ID management & strong authentication
  • Data privacy in online/mobile applications, services & communications
  • Protection against malicious software & intrusion detection/prevention on computing devices, especially on mobile platforms
Action Line for Privacy, Security & Trust
• Standardized cryptographic algorithms and protocols used for data security are subject to public scrutiny and trustworthy
• Many proprietary ones turned out to be weak after being exposed
• Software products (operating systems, middleware, applications) are frequently proprietary and obfuscated; trustworthiness w.r.t. data security is then not well anchored
• SW and SW updates can be authenticated/certified by digital signatures issued by using trusted public keys
• Reduce SW vulnerabilities by applying security by design: develop SW by using static and/or dynamic formal methods
• Untrusted applications can be separated from the trusted ones, by using trusted execution environment or virtualization
• Detection of malicious applications and intrusions on end-point devices is currently not sufficiently effective!
Software Security
• Virtualization is fundamental for cloud services; it can also be done on end-point devices, even in constrained environment
• Hypervisor is SW running on host platform, for generating and supporting guest Virtual Machines (VMs)
• Isolation of guest VMs is fundamental for virtualization security
• Proving the isolation and other properties of hypervisor by formal security analysis is a challenge
• Hypervisor can be transparent and open for verification or certified; this can significantly improve trustworthiness
• Assuming that the host platform is trusted, security of guest VMs and distributed middleware (intrusion and anti-malware protection including APTs) can be efficiently controlled by the monitoring SW process running on the host
• Virtual monitoring and IDS can be introduced on the network level
Virtualization Security
• ICT system can be secure on SW level, but insecure on HW level
• Strong HW platforms and architectures (including self-checking circuits) are important, especially w.r.t. sophisticated attackers
• Transparent and auditable HW fabrication facilities are preferable, but difficult to implement
• HW devices connected to the cloud (IoT), such as smart meters and various sensors, especially if they generate sensitive data, need to be strongly authenticated/identified by using cryptographic keys and/or chip templates such as Physical Unclonable Functions (PUFs)
• Such devices should preferably run on an open or standardized OS guided by the simplicity and security principles
• Secure key generation & management (HSM, secure element)
• Usage of HW security tokens (HST) for strong user-to-HST-to-cloud authentication; the same HST for multiple keys
• HW/SW implementations of cryptographic algorithms and protocols running on sensitive data should be resistant to side-channel attacks
Hardware Security
• ICT business at risk: The worldwide ICT security technology and services market is growing more than 11% annually, to reach €92 billion in 2017. By 2020, it is estimated that €440 billion of the added value is at risk if the leveraged data are not appropriately protected.
• Significant market opportunities: Market share of European companies in industry solutions for data security and privacy (≈16.5%) is lagging behind their global ICT market share (≈25%).
• This is possibly due to fragmented national regulations and government control, as cyber security and privacy are considered to be matters of national security and safety. European technology solutions in this area potentially have a comparative advantage with respect to trustworthiness.
• In the after-Snowden era, enterprises, institutions, and organizations hesitate to send their sensitive data to the cloud. This implies that the business opportunities for deploying innovative solutions offering higher assurance for data privacy are significant.
Business Opportunities
Priority 1: Secure and Privacy-aware E-authentication and Digital Identity Management (1)
• Widely adopted and deployed innovative solutions for secure and privacy-aware federated e-authentication and e-identification of physical or logical entities (e.g., persons, organizations, things, services) via online or wireless communications will create
  • a basis for more secure, authentic and trustworthy products and services, cross-nationally and nationally
  • a springboard for trusted personal data management
  • more trust among people and organizations in Europe
  without violating the privacy of users as citizens!
• Build on existing cross-border projects and initiatives, e.g., STORK, ABC4Trust, FutureID, GBA, OneAPI, EEMA, Kantara, FIDO
• N.B. Single sign-on and federated e-ID facilitate user or citizen profiling via linking!
Priority 1: Secure and Privacy-aware E-authentication and Digital Identity Management (2)
Relevant techniques include
• Strong, multi-factor authentication (beyond password-only)
• Privacy-preserving biometric authentication of persons and physical authentication of things (e.g., biometric encryption)
• Device usage profiling
• Cryptographic authentication protocols, credentials, certificates
• Privacy-aware identity federation and attribute sharing, anonymous credentials
• Secret sharing and shared access control
• Trust & liability models
Relevant technologies include
• Hardware & software security tokens, biometrics, PUFs, TPMs, SIM cards, physically embedded digital signatures, NFC, QR codes, monitoring & anti-fraud technologies
Priority 2: Protection of Data Privacy in Online and Mobile Applications, Services and Communications (1)
• Data privacy essentially means that user controls usage of related sensitive data during its whole life cycle, with the minimality principle guiding the balance with usability
• Not only personal data, but also industrial secrets!
• Privacy = security & control of sensitive data
• Data are easy to copy
• Support by legislation or regulation is necessary, but is difficult to correctly implement in practice
• Current practice is unsatisfactory, especially for ordinary people and with respect to sophisticated adversaries!
• Paradigm promoted: support data privacy by validated technical & technological means wherever practically possible, in addition to transparent, human-understandable, and machine-readable privacy policies
Priority 2: Protection of Data Privacy in Online and Mobile Applications, Services and Communications (2)
Relevant cryptographic techniques include
• Local storage and computation
• Anonymization & pseudonymization
• Data aggregation
• Anonymity protocols
• Privacy-preserving data mining and profiling
• Secret sharing and shared control
• Threshold cryptography
• Secure multiparty computation
• Practical homomorphic encryption
• Attribute-based encryption and searchable encryption
• End-to-end encryption
• Zero-knowledge protocols
Priority 2: Protection of Data Privacy in Online and Mobile Applications, Services and Communications (3)
Relevant technologies include
• Hardware security tokens
• Hardware and software solutions for end-to-end security
• Distributed databases and servers
• Privacy-aware operating systems and software platforms
• Virtualization
• Secure hardware platforms
• Cost-effective certification & auditing procedures
Priority 3: Mobile Cyber-Security, Addressing Malicious Software in Mobile and Online Applications (1)
• Privacy-preserving intrusion detection & prevention and protection against malicious software (malware) on end-point computing devices (e.g., smartphone, tablet, PC) is an aspect of cyber security and privacy of ever increasing importance, especially in mobile scenarios
• Smart mobile devices typically contain both personal data and sensitive business-related data
• Malicious or potentially dangerous apps for mobile devices rapidly multiply and evolve
• Existing solutions are partial and fragmented and do not appear to be sufficiently effective, especially with respect to sophisticated attackers and on mobile platforms
Priority 3: Mobile Cyber-Security, Addressing Malicious Software in Mobile and Online Applications (2)
Relevant techniques include
• Local, distributed, or centralized methods
• Privacy-preserving intrusion detection/prevention
• Kernel-level anti-malware protection
• Detection/prevention of advanced persistent threats
• Sandboxing
• Behaviour-based malware detection
• Combined client-based and cloud-based solutions for malware detection on mobile devices
• Privacy-aware process monitoring on computing devices
• Trustworthy apps
• Machine learning techniques for sophisticated intrusion detection
Priority 3: Mobile Cyber-Security, Addressing Malicious Software in Mobile and Online Applications (3)
Relevant technologies include
• Privacy-aware operating systems
• Virtualization and virtual machines
• Secure microkernels and hypervisors
• Multiple operating systems
• Trusted hardware platforms, secure elements, and trusted execution environment
• Secure graphical user interfaces
• Dedicated memory encryption
• Sensitive data protection in case of device stealing
• Hardware security tokens
Applications
• User profiling
• Social networks
• E-commerce and e-payment
• E-government and e-signatures
• E-voting and e-democracy
• E-health and wellbeing
• Smart spaces, smart cities & communities
• Cyber-physical systems
• Connected vehicles, mobility
• Smart energy
• Cloud computing and storage
• Personal data management
• Intellectual property licensing
• Internet of things
• Big data analytics