Presentation of project proposals and feedback from customers
Welcome to session III
DTIDS: Digital Twin-based Intrusion Detection Systems
ITEA Cyber Security Day 2021
Emre Ege Smekal
PROJECT PROPOSAL:
DTIDS: Problem Statement
▪ Eliminating all security vulnerabilities at design time is infeasible given the complexity of IoT systems
▪ Real-world IoT systems are heterogeneous, composed of devices from different vendors
▪ Small-scale IoT devices have a low security budget
▪ Specialized countermeasures usually protect against a particular type of attack only
Intrusion detection can be performed by an edge-like device, either at the host or at the network level. As any reasonable attack will cause anomalous behavior, the security breach will be detected regardless of what specific vulnerability was exploited.
DTIDS: Challenges for Intrusion Detection
Ever-increasing system complexity
Heterogeneous, multi-vendor components
System evolution, e.g., due to software updates
Distributed and decentralized architectures
In future systems, rule-based IDS solutions will struggle with the high complexity, low transparency and evolutionary nature of software-driven, heterogeneous IoT products
DTIDS: Project proposal description
[Figure: Actual System and Digital Twin, linked by Data; Behavior 𝐵′ is compared with Behavior 𝐵 (𝐵′ == 𝐵?)]
High precision & scalability
Low maintenance
Seamless integration
Continuous operation
Digital Twin – a virtual representation of the actual system throughout the entire system’s life cycle – enables precise, low-maintenance, scalable intrusion detection for seamless & continuous resilience
DTIDS: Key selling points
Innovation / Business Impact
• Digital Twin-based IDS
• High-precision intrusion detection
• Low false positives rate
• Ease of maintenance
• Low maintenance cost & ease of update
• Scalability
• Seamless integration into existing monitoring systems
DTIDS: Partners & expertise
▪ Partners involved
▪ Canada: iSecurity*, StreamWorx.AI Inc.
▪ Germany: Eclipse Foundation Europe GmbH, isb innovative software businesses GmbH, NXP Semiconductors Germany GmbH, Robert Bosch GmbH*, TWT GmbH Science & Innovation, University of Lubeck
▪ Portugal: Instituto Superior de Engenharia do Porto (ISEP)*, SISTRADE Software Consulting, S.A., VIZELPAS - COMERCIO DE ARTIGOS PLASTICOS LDA
▪ Turkey: Arcelik, ARD GROUP*, Bewell Technology San.Tic.A.S., ERARGE, Panasonic Life Solutions Elektrik San. ve Tic. A.S.
DTIDS: Contact details
▪ Yusuf Kursat TUNCEL
ARD Group
+90 (533) 964 81 44
▪ Ilay KURT
ARD Group
+90 (532) 280 50 76
ENTA: Encrypted Network Analysis for Cyber Security
ITEA Cyber Security Day 2021
Dr. Biswajit Nandy
CTO, Solana Networks
ENTA: Motivation
The ENTA project explores a solution based on analysis of encrypted network traffic characteristics
▪ Key techniques will be based on AI
▪ Preserve end user privacy by avoiding payload data examination
▪ The solution will be scalable and operate in near real time
HTTPS encryption on the web (Source: Google Transparency Report)
Nearly 90% of Internet traffic is encrypted
➢ Deep Packet Inspection is failing (TLS 1.3 has made it more difficult)
➢ Harder to distinguish between legitimate and illegitimate traffic
➢ Operators are unable
• to block illegal traffic
• to detect encrypted data exfiltration
• to detect rogue IoT devices with encrypted communication
ENTA: State of the Art
Encrypted Application Visibility
▪ Academic research on ML-based encrypted traffic classification has existed since 2007
- It has not reached sufficient maturity to bridge into industrial solutions; some major challenges exist
▪ More recently, researchers have been addressing some of these problems (DL, real-time etc.)
▪ Industry: Some DPI vendors have statistical-analysis-based detection
Rogue IoT device detection
▪ Academic research has been underway since 2015 for IoT device discovery and rogue IoT detection
▪ IoT device discovery and tracking using ML was also proposed in 2018
▪ Industry: Very few vendors: Zvelo and Armis
Encrypted data exfiltration
▪ Encrypted threat detection – active academic research area
▪ Very recently, researchers have focused on this problem: data exfiltration over DNS side channels
▪ Industry: Malware detection or other threat detection – Cisco Stealthwatch, Gigamon ThreatINSIGHT, IronNet, Darktrace etc.
ENTA: Use Cases
➢ Encrypted application visibility
➢ Rogue IoT device detection
➢ Cyber threat detection (data exfiltration on encrypted side channels)
[Figure: Encrypted Network Traffic Analytics. Labels: Privacy Protection; Data Science; Machine Learning; Deep Learning; TLS Fingerprinting; Rogue IoT Device Detection; Encrypted Application Visibility; Cyber Threat Detection; Encrypted Network Traffic]
ENTA: Proposed Solution
ENTA: Expected Project Outcome
➢ The ENTA project will deliver an encrypted traffic analysis service platform for cyber security. The platform will support a number of basic building blocks necessary for any ML/DL based traffic analysis.
➢ Three use cases that are highlighted for the ENTA project will be demonstrated with near product quality prototypes with the following attributes:
▪ High scalability
▪ Near real-time performance
▪ Support for traffic rates higher than 10 Gbps
➢ Any of these use cases can be brought to market as a standalone solution or tool:
1. Encrypted traffic classification
2. Rogue IoT device detection and tracking
3. Detection of data exfiltration on encrypted side channels
ENTA: Partners
Company | Country
Metodos y Technologia | Spain
IDavinci | Spain
APARA Creadores de Mercapus S.L | Spain
KKB Kredi Kayit Burosu A.S. | Turkey
Migros T.A.S. | Turkey
Labris Networks | Turkey
Ruag MRO | Switzerland
IGS Hawkesbury Inc. | Canada
Dalhousie University | Canada
Solana Networks | Canada
ENTA: Contact details
Dr. Biswajit Nandy
Solana Networks
Thank You!
CONTRAST: CONtinuous engineering and TRustworthy operation of Ai-enabled SysTems
ITEA Cyber Security Day 2021
Marc Zeller, Siemens AG
CONTRAST: Motivation
Engineering of systems incorporating AI
▪ Economic Drivers for using AI in Cyber-Physical Systems (CPS)
- Enabling new applications and services
- Reducing cost of doing business
- Increasing speed of innovation
- Enabling continuous availability of products by reducing system downtimes
- Providing customer trust in automated, AI-enabled systems
▪ Challenge: Engineering of systems incorporating AI and ensuring the appropriate trust in operation for such systems poses new challenges
CONTRAST: Trustworthiness *
*) VDE application rule VDE-AR-E 2842-61 “Development and Trustworthiness of autonomous/cognitive Systems”
CONTRAST: Solution Concept
Engineering of AI-based CPS / systems-of-systems and guarantee trustworthy operation
▪ Specification and verification of system capabilities and trustworthiness properties
▪ Monitoring and analysis of capabilities and trustworthiness during operation
▪ Dynamic assessment of risks due to changing Operational Design Domain (ODD)
▪ Feedback loop based on field observation to enable continuous improvement
Application to use cases in the transportation, industrial automation, and healthcare domains
CONTRAST: AI-based CPS = new Security Challenges
▪ AI/ML is a target of new kinds of attack
- Data poisoning, model poisoning, ML models with backdoors, etc.
- Exploitation of the physical environment
▪ Security threats are hazardous events
- Safety concepts must take security issues into account
▪ AI/ML-based systems are developed iteratively and need to deal with uncertainty
- Frequent updates require automated security and safety assessment
▪ AI/ML-based systems are developed by different vendors/suppliers and need to be integrated
- Often AI/ML components are black boxes supplied by different companies
- Security assurance cases can capture the security-related information and enable a (semi-)automated integration
▪ Cyber-physical Systems (-of-Systems) are heterogeneous and permanently connected to the Internet (IIoT)
- Integration of newly deployed systems/components and legacy devices in manufacturing considering security aspects
- Efficient key exchange/distribution mechanism in intelligent transportation
- End-to-end security design required
https://portswigger.net/daily-swig/trojannet-a-simple-yet-effective-attack-on-machine-learning-models
CONTRAST: Key selling points
▪ Innovation
- A well-defined semantic foundation for capability specifications as well as specification models for engineers
- Generation of trustworthiness monitors from capabilities
- Reference architectures that support the envisioned runtime monitoring and adaptation in various application domains
- Integration of the CONTRAST methods and tools into coherent engineering frameworks and development platforms that cover the whole engineering life-cycle
▪ Business Impact
- Competitive products on the world stage
  ▪ USP for European products: quality made in Europe (Trustworthy AI)
- Having the right product at the right time and the right place
  ▪ Being flexible, adaptable and configurable
- Reducing risk of rollout of systems (especially with embedded AI-elements)
- Convince certification/homologation authorities of autonomous, AI-based systems
CONTRAST: Partners & expertise
▪ Partners involved
- Austria: Road Venture Innovation, TU Graz, University Graz
- Belgium: Siemens Industry Software
- Germany: Siemens, Fraunhofer, Bosch, SICK, DFKI, OFFIS, TU Ilmenau, Arrival, Modelwise, AI4UandI
- Ireland: LERO/DKIT, Malone Group, iQuTech
- Netherlands: TNO-ESI, CANON, Philips, Thunderbyte.AI, Ratio Computer Aided Systems Engineering
- Sweden: KTH, Scania, Zenseact, Syntell, Veoneer, Safety Integrity
- Turkey: AVL Turkey, Enforma, Bigtri, İSBAK
CONTRAST: Contact details
▪ Marc Zeller
Siemens AG
+49 (172) 103 60 65
NGAST: Next Generation Automated Security Testing
ITEA Cyber Security Day 2021
Yusuf Kurşat Tuncel
NGAST: Problem Statement
▪ Continuously increasing complexity combined with connectivity results in a massive increase of IoT devices' attack surface
▪ But: resources for protecting IoT devices and IT systems don’t grow at the same pace for economic reasons
▪ IoT device manufacturers and operators face the challenge of defending a vastly larger attack surface with essentially the same resources
To close this gap, methods and tools for automated security testing are needed to eliminate security weaknesses in software or APIs early in the development process.
NGAST: Challenges for Automated Security Testing
Traditionally, manually operated tools
Large & fast changing software
Binary software components from 3rd parties
Distributed systems that rely on APIs
Comprehensive, IoT-scale automated security testing is difficult to implement using existing tools and methods.
NGAST: Project proposal description
High degree of automation (CI/CD-ready)
Covers source code, binaries & APIs
Few to no false positives
Developer-friendly
Next generation CI/CD-capable automated security testing solution for source code, binaries, and distributed systems in the Internet of Things (IoT)
NGAST: Key selling points
Innovation / Business Impact
▪ Automated security testing
▪ Covers source code, binaries and APIs
▪ Few to no false positives
▪ Ease of use
▪ Reduction of vulnerability detection cost through automation
▪ Cost savings through early vulnerability identification
▪ Seamless integration into existing CI/CD pipelines
NGAST: Partners & expertise
▪ Partners involved
- Germany: AKKA DSO GmbH, Expleo Germany GmbH, Fraunhofer, Institut für Automation und Kommunikation (IFAK), itemis AG, let's dev GmbH & Co. KG, NXP Semiconductors Germany GmbH, Robert Bosch GmbH*, Ruhr-Universität Bochum, TWT GmbH Science & Innovation, University of Paderborn
- Sweden: Ericsson, Mälardalen University*
- Turkey: ARD GROUP*, Ericsson, SoftTech, Turkcell Teknoloji, UNIT Information Technologies R&D Ltd.
NGAST: Contact details
▪ Yusuf Kursat TUNCEL
ARD Group
+90 (533) 964 81 44
▪ Ilay KURT
ARD Group
+90 (532) 280 50 76
Thank you for your attention