Security in transnational interoperable PPDR communications: threats and requirements

The relevance of cross border security operations has been identified as a priority at European level for a long time. A European network where Public Protection and Disaster Relief (PPDR) forces share communications processes and a legal framework would greatly enforce response to disaster recovery and security against crime. Nevertheless, uncertainty on costs, timescale and functionalities have slowed down the interconnection of PPDR networks across countries and limited the transnational cooperation of their PPDR forces so far. In this context, the European research project ISITEP is aimed at developing the legal, operational and technical framework to achieve a cost effective solution for PPDR interoperability across European countries. Inter alia, ISITEP project is specifying a new Inter-System-Interface (ISI) interface for the interconnection of current TETRA and TETRAPOL networks that can be deployed over Internet Protocol (IP) connectivity. This approach turns communications security as a central aspect to consider when deploying the new IP ISI protocol between PPDR national networks. Ensuring that threats to the interconnected communications systems and terminals are sufficiently and appropriately reduced by technical, procedural and environmental countermeasures is vital to realise the trusted and secure communication system needed for the pursued PPDR transnational cooperation activities. In this context, this paper describes the framework and methodology defined to carry out the development of the security requirements and provides a discussion on the undertaken security risk and vulnerability analysis.Peer ReviewedPostprint (author's final draft

Assessing and augmenting SCADA cyber security: a survey of techniques

SCADA systems monitor and control critical infrastructures of national importance such as power generation and distribution, water supply, transportation networks, and manufacturing facilities. The pervasiveness, miniaturisations and declining costs of internet connectivity have transformed these systems from strictly isolated to highly interconnected networks. The connectivity provides immense benefits such as reliability, scalability and remote connectivity, but at the same time exposes an otherwise isolated and secure system, to global cyber security threats. This inevitable transformation to highly connected systems thus necessitates effective security safeguards to be in place as any compromise or downtime of SCADA systems can have severe economic, safety and security ramifications. One way to ensure vital asset protection is to adopt a viewpoint similar to an attacker to determine weaknesses and loopholes in defences. Such mind sets help to identify and fix potential breaches before their exploitation. This paper surveys tools and techniques to uncover SCADA system vulnerabilities. A comprehensive review of the selected approaches is provided along with their applicability

FPGA based remote code integrity verification of programs in distributed embedded systems

The explosive growth of networked embedded systems has made ubiquitous and pervasive computing a reality. However, there are still a number of new challenges to its widespread adoption that include scalability, availability, and, especially, security of software. Among the different challenges in software security, the problem of remote-code integrity verification is still waiting for efficient solutions. This paper proposes the use of reconfigurable computing to build a consistent architecture for generation of attestations (proofs) of code integrity for an executing program as well as to deliver them to the designated verification entity. Remote dynamic update of reconfigurable devices is also exploited to increase the complexity of mounting attacks in a real-word environment. The proposed solution perfectly fits embedded devices that are nowadays commonly equipped with reconfigurable hardware components that are exploited to solve different computational problems