Posts

SAFEcrypto Deliverable D9.1 Case Study Specifications and Requirements added to Outcomes

SAFEcrypto Deliverable D9.1 Case Study Specifications and Requirements has been added to the Outcomes section and is available to download now.

The purpose of this document is to specify the case studies to be demonstrated in SAFEcrypto, and provide requirements that must be met by the technologies to be developed in Work Packages (WPs) 5-8. This specification of the case studies will also feed into WP3, in order to provide a basis for the vulnerability and risk analysis performed there.

This document specifies the three case studies used within SAFEcrypto:

  • Satellite Key Management – In this case study, satellites are considered as entities in a wider ‘network of space-based entities’, potentially involving other spacecraft, as well as on the ground multiple ground stations, Operational Control Centres (OCC) and end users. In terms of key management, each of these may need to establish keys with each other.
  • Commercial Off-The-Shelf (COTS) in Public Safety Communication – This case study aims towards the growing secure COTS communication marketplace. There is an increasing need for ‘critical communication’ markets (public safety, etc.) to require more secure communication but no longer have the economy of scale, nor budgets to build bespoke secure communication systems. Similarly, there are critical but insecure communication systems in operation (critical national infrastructure, power generation/grids, etc.) which will not encounter a technology refresh within a generation. In this case study we consider the possibility to ‘bolt on’ a security enabling component which can achieve this.
  • Privacy-Preserving Municipal Data Analytics – There are many areas in which analysis of large data sets owned by a governmental agency could provide significant opportunities for improvements in efficiency of operation, identification of fraud, government-citizen relationships, reduction of risk and other areas. The opportunity to derive insights from the large data sets owned by a government organization is greatly improved if the organization can invite academic and industry researchers to participate in collaborative analytics across the data set, both in shared projects and in sub-contracted projects. In this case study, we propose to use the SAFEcrypto cryptographic mechanisms, both to segment the data that it provides to the research participants and to protect information that may be subject to privacy concerns.

For each case study we provide a high level description, and assumptions about the scope and operating environment of the systems, or sub-systems, that we propose to consider in detail. A system architecture and corresponding security architecture are then provided. It is important to note that these architectures are not intended as detailed specifications of the systems, from which real development could take place. They are merely provided at the fairly low level of detail required to highlight the functionality used in each case study, and to generate the requirements for cryptographic algorithms and associated key management needed by WPs 3-8.

Based on the case study descriptions and architectures, requirements are then provided for the security solutions. These requirements cover functional requirements on the security solutions, non-functional requirements on the solutions (e.g. performance), and security assurance and certification requirements that may need to be kept in mind for the security solutions in the use-case context.

Cyber Security & Privacy Innovation Forum 2015

Cybersecurity & Privacy (CSP) Innovation Forum 2015

Two members of the SAFEcrypto project team will attend the Cybersecurity & Privacy (CSP) Innovation Forum 2015 which takes place in Brussels, Belgium on 28-29 April. Philip Mills and Gavin McWilliams, both from Queen’s University Belfast’s Centre for Secure Information Technologies (CSIT), are attending to showcase the work of the SAFEcrypto project consortium.

Full details regarding this event are outlined in the official Press Release below:

EU-Funded Cybersecurity and Privacy investment shortening the gap from research to innovation

  • Digital single market would create hundreds of thousands of jobs across a vibrant, knowledge-based EU society.

OVER 40 top tech, EU funded, trust and security projects with focused research activities in hot topical areas such as mobile devices technologies and tools, cloud security, cryptography and trustworthy network and services infrastructures are being showcased live at a major EU Innovation forum this week, where over 500 cyber security and privacy experts, project leaders, industry, academics and visionaries are also pooling their knowledge to create a safer and more secure ICT environment.

Over the past 9 years almost €361 million in EU funding has been invested in security and privacy research innovation, bringing together large industry, SME’s , public bodies and academics at an EU level to significantly improve and address the current and future cybersecurity and privacy issues faced by the end-citizen in the modern society we live in.

Their intensive work, with specific focus on technology transfer and impact, is helping shorten the gap between research and innovation as they work towards a digital single market, the 500 plus delegates at the Cybersecurity & Privacy (CSP) Innovation Forum 2015 will hear.

The EU-wide Forum is organised by the European Commission, DG CNECT (Unit H4 Trust & Security), the Cybersecurity & Privacy (CSP) Forum and supporting projects (IPACSO, TREsPASS, PRIPARE, A4CLOUD, SECURED, ATTPS). Collectively, all involved are helping foster a digital single market which experts say has the potential to create up to €250 billion in additional growth and hundreds of thousands of jobs across a vibrant, knowledge-based EU society.

Among the significant and most successful, pioneering projects featured in a comprehensive booklet produced for all delegates by the EU funded CSA project SecCord, “Security and Trust Coordination and Enhanced Collaboration” are success stories which include:

  • ACDC – an advanced cyber defence centre funded to the tune of €7.7 million which acts as a dedicated online service for EU citizens and informs them of cyber threats and botnets
  • SECURED – it received €2.7million and provides improved protection to the end user, whether they’re using a laptop which has plenty software to cover against threats, or a car entertainment system or smart television which has far less. Telefonica is already exploring how to use it and HP is interested in offering it on its network devices.
  • The Tabula Rasa – it got €4 million and its face recognition, software countermeasure team is working with world leader in biometric solutions, Morpho (Safran) on the project.
  • ABC4Trust – an €8.8 million privacy-preserving communications network which was successfully trialled in a Swedish school and is expected to be rolled out across a variety of EU public services and organisations.

The SecCord project examined EU-financed projects in detail and found that many of the European research projects in ICT security and trust have “been particularly successful in shortening the gap from research to innovation, thus creating the stepping stone for a vibrant market in secure and trustworthy ICT in Europe.”

Over the two day Brussels event, delegates will speak directly to the 41 pioneering teams showcasing and to the European Commission project and policy officers in this domain. They will network and discuss hot topics such as cybersecurity and privacy issues and how they are being dealt with on a daily level, impacting end users and industry. They will also actively debate potential solutions, future roadmaps and challenges that need to be considered now in order to address such concerns.

Trust and security in the digital world are the very foundations of a Digital Single Market according to Jakub Boratynski, Head of Unit of Trust and Security, DG CONNECT, European Commission in his contribution to the SecCord publication.

“Millions of EU citizens rely on the Internet for ever more services, while at the same time the digital world is still vulnerable. Technical failures and malicious attacks occur at alarming intervals and failure to respond to these incidents will mean consumers losing confidence in the digital world, businesses losing money and even national security being at stake.

“European citizens have to know and trust that the systems underpinning the digital world are safe and secure so they, and also business, can fully reap the benefits of the digital economy. The European Strategy on Cybersecurity sets out ways to strengthen network and information security across the EU to make Europe more trusted and secure online,” he said.

Mr Boratynski commended those involved in the SecCord project for the difficult task the team undertook in analysing the projects and presenting their findings in a comprehensive brochure for delegates. “European scientists and companies are working hard to make the journey to a trustworthy digital world,” he remarked.

The Brussels Forum includes addresses from European Commission experts, among them Zoran Stančič, Deputy Director-General; Giovanni Buttarelli, European Data Protection Supervisor, Paul Timmers. Director of the Sustainable & Secure Society Directorate and Jakub Boratynski Head of Unit, Trust and Security.

The EU-funded FP7 Research & Development Framework Programme has financed a host of ground-breaking industry and problem-focused R&D projects addressing the security and privacy of ICT.