31 research outputs found

    Security and Trust in Safety Critical Infrastructures

    Critical infrastructures such as road vehicles and railways are undergoing a major change, which increases the dependency of their operation and control on Information Technology (IT) and makes them more vulnerable to malicious intent. New complex communication infrastructures emerge using the increased connectivity of these safety-critical systems to enable efficient management of operational processes, service provisioning, and information exchange for various (third-party) actors. Railway Command and Control Systems (CCSs) turn with the introduction of digital interlocking into an “Internet of Railway Things”, where safety-critical railway signaling components are deployed on common-purpose platforms and connected via standard IP-based networks. Similarly, the mass adoption of Electric Vehicles (EVs) and the need to supply their batteries with energy for charging has given rise to a Vehicle-to-Grid (V2G) infrastructure, which connects vehicles to power grids and multiple service providers to coordinate charging and discharging processes and maintain grid stability under varying power demands. The Plug-and-Charge feature brought in by the V2G communication standard ISO 15118 allows an EV to access charging and value-added services, negotiate charging schedules, and support the grid as a distributed energy resource in a largely automated way, by leveraging identity credentials installed in the vehicle for authentication and payment. The fast deployment of this advanced functionality is driven by economical and political decisions including the EU Green Deal for climate neutrality. Due to the complex requirements and long standardization and development cycles, the standards and regulations, which play the key role in operating and protecting critical infrastructures, are under pressure to enable the timely and cost-effective adoption. 
In this thesis, we investigate security and safety of future V2G and railway command and control systems with respect to secure communication, platform assurance as well as safety and security co-engineering. One of the major goals in this context is the continuous collaboration and establishment of the proposed security solutions in upcoming domain-specific standards, thus ensuring their practical applicability and prompt implementation in real-world products. We first analyze the security of V2G communication protocols and requirements for secure service provisioning via charging connections. We propose a new Plug-and-Patch protocol that enables secure update of EVs as a value-added service integrated into the V2G charging loop. Since EVs can also participate in energy trading by storing and feeding previously stored energy to grid, home, or other vehicles, we then investigate fraud detection methods that can be employed to identify manipulations and misbehaving users. In order to provide a strong security foundation for V2G communications, we propose and analyze three security architectures employing a hardware trust anchor to enable trust establishment in V2G communications. We integrate these architectures into standard V2G protocols for load management, e-mobility services and value-added services in the V2G infrastructure, and evaluate the associated performance and security trade-offs. The final aspect of this work is safety and security co-engineering, i.e., integration of safety and security processes vital for the adequate protection of connected safety-critical systems. We consider two application scenarios, Electric Vehicle Charging System (EVCS) and Object Controller (OC) in railway CCS, and investigate how security methods like trusted computing can be applied to provide both required safety and security properties. 
In the case of EVCS, we bind the trust boundary for safety functionality (certified configuration) to the trust boundary in the security domain and design a new security architecture that enforces safety properties via security assertions. For the railway use case, we focus on ensuring non-interference (separation) between these two domains and develop a security architecture that allows secure co-existence of applications with different criticality on the same hardware platform. The proposed solutions have been presented to the committee ISO/TC 22/SC 31/JWG 1 that develops the ISO 15118 standard series and to the DKE working group “Informationssicherheit für Elektromobilität” responsible for the respective application guidelines. Our security extension has been integrated in the newest edition ISO 15118-20 released in April 2022. Several manufacturers have already started concept validation for their future products using our results. In this way, the presented analyses and techniques are fundamental contributions in improving the state of security for e-mobility and railway applications, and the overall resilience of safety-critical infrastructures to malicious attacks.

    Security Analysis of System Behaviour - From "Security by Design" to "Security at Runtime" -

    The Internet today provides the environment for novel applications and processes which may evolve way beyond pre-planned scope and purpose. Security analysis is growing in complexity with the increase in functionality, connectivity, and dynamics of current electronic business processes. Technical processes within critical infrastructures also have to cope with these developments. To tackle the complexity of the security analysis, the application of models is becoming standard practice. However, model-based support for security analysis is not only needed in pre-operational phases but also during process execution, in order to provide situational security awareness at runtime. This cumulative thesis provides three major contributions to modelling methodology. Firstly, this thesis provides an approach for model-based analysis and verification of security and safety properties in order to support fault prevention and fault removal in system design or redesign. Furthermore, some construction principles for the design of well-behaved scalable systems are given. The second topic is the analysis of the exposition of vulnerabilities in the software components of networked systems to exploitation by internal or external threats. This kind of fault forecasting allows the security assessment of alternative system configurations and security policies. Validation and deployment of security policies that minimise the attack surface can now improve fault tolerance and mitigate the impact of successful attacks. Thirdly, the approach is extended to runtime applicability. An observing system monitors an event stream from the observed system with the aim to detect faults - deviations from the specified behaviour or security compliance violations - at runtime. Furthermore, knowledge about the expected behaviour given by an operational model is used to predict faults in the near future. Building on this, a holistic security management strategy is proposed. 
The architecture of the observing system is described and the applicability of model-based security analysis at runtime is demonstrated utilising processes from several industrial scenarios. The results of this cumulative thesis are provided by 19 selected peer-reviewed papers.

    Fraud detection in the banking sector : a multi-agent approach

    Fraud is an increasing phenomenon as shown in many surveys carried out by leading international consulting companies in the last years. Despite the evolution of electronic payments and hacking techniques there is still a strong human component in fraud schemes. Conflict of interest in particular is the main contributing factor to the success of internal fraud. In such cases anomaly detection tools are not always the best instruments, since the fraud schemes are based on faking documents in a context dominated by lack of controls, and the perpetrators are those ones who should control possible irregularities. In the banking sector audit team experts can count only on their experience, whistle blowing and the reports sent by their inspectors. The Fraud Interactive Decision Expert System (FIDES), which is the core of this research, is a multi-agent system built to support auditors in evaluating suspicious behaviours and to speed up the evaluation process in order to detect or prevent fraud schemes. The system combines Think-map, Delphi method and Attack trees and it has been built around audit team experts and their needs. The output of FIDES is an attack tree, a tree-based diagram to “systematically categorize the different ways in which a system can be attacked”. Once the attack tree is built, auditors can choose the path they perceive as more suitable and decide whether or not to start the investigation. The system is meant for use in the future to retrieve old cases in order to match them with new ones and find similarities. The retrieving features of the system will be useful to simplify the risk management phase, since similar countermeasures adopted for past cases might be useful for present ones. Even though FIDES has been built with the banking sector in mind, it can be applied in all those organisations, like insurance companies or public organizations, where anti-fraud activity is based on a central anti-fraud unit and a reporting system.

    Wastewater Based Microbial Biorefinery for Bioenergy Production

    A rapid growth in various industries and domestic activities is resulting in a huge amount of wastewater. Various types of wastewaters, such as textile, municipal, dairy, pharmaceutical, swine, and aquaculture, etc., are produced regularly by respective industries. These wastewaters are rich in nutrient content and promote eutrophication in the ecosystem and pose a threat to flora and fauna. According to an estimate, eutrophication causes losses of almost 2 billion US dollars annually, affecting real estate and fishing activities. Treatment of wastewater is a costly process and recently wastewater treatment with simultaneous energy production has received more attention. Microorganisms can be used to recover nutrients from wastewater and produce bioenergy (biodiesel, biohydrogen, bioelectricity, methane, etc.). A better understanding of the composition of various types of wastewaters and the development of technologies like anaerobic digestion (AD), microbial fuel cell (MFC), and microbial electrolysis cell (MEC) can help to make wastewater-based biorefinery a reality. To provide an overall overview to students, teachers, and researchers on wastewater to bioenergy technology ten chapters are included in this book.

    Skyler and Bliss

    Hong Kong remains the backdrop to the science fiction movies of my youth. The city reminds me of my former training in the financial sector. It is a city in which I could have succeeded in finance, but as far as art goes it is a young city, and I am a young artist. A frustration emerges; much like the mould, the artist also had to develop new skills by killing off his former desires and manipulating technology. My new series entitled HONG KONG surface project shows a new direction in my artistic research in which my technique becomes ever simpler, reducing the traces of pixelation until objects appear almost as they were found and photographed. Skyler and Bliss presents tectonic plates based on satellite images of the Arctic. Working in a hot and humid Hong Kong where mushrooms grow ferociously, a city artificially refrigerated by climate control, this series provides a conceptual image of an imaginary typographic map for survival. (Laurent Segretier)

    An examination of the Asus WL-HDD 2.5 as a nepenthes malware collector

    The Linksys WRT54g has been used as a host for network forensics tools, for instance Snort, for a long period of time. Whilst large corporations are already utilising network forensic tools, this paper demonstrates that it is quite feasible for a non-security specialist to track and capture malicious network traffic. This paper introduces the Asus Wireless Hard disk as a replacement for the popular Linksys WRT54g. Firstly, the Linksys router will be introduced detailing some of the research that was undertaken on the device over the years amongst the security community. It then briefly discusses malicious software and the impact this may have for a home user. The paper then outlines the trivial steps in setting up Nepenthes 0.1.7 (a malware collector) for the Asus WL-HDD 2.5 according to the Nepenthes and tests the feasibility of running the malware collector on the selected device. The paper then concludes on discussing the limitations of the device when attempting to execute Nepenthes.

    Easier to break from inside than from outside / Mai ușor să distrugi din interior decât din exterior

    Abstract in English: This book contains concrete examples from history, economy, biology, digital world, nuclear physics, agriculture and so on about breaking a neutrosophic dynamic system (i.e. a dynamic system that has indeterminacy) from inside. We define a neutrosophic mathematical model using a system of ordinary differential equations and the neutrosophic probability in order to approximate the process of breaking from inside a neutrosophic complex dynamic system. It shows that a smaller force is needed for breaking from inside than for breaking from outside the neutrosophic complex dynamic system. Methods that have been used in the past for breaking from inside are listed. Simulation and animation of this neutrosophic dynamical system are needed for the future since, by changing certain parameters, various types of breaking from inside may be simulated. Abstract in Romanian (translated): This book contains concrete examples from history, economics, biology, the digital space, nuclear physics, agriculture and other fields of destroying a neutrosophic dynamic system (that is, a system that has indeterminacies) by acting from inside it. We describe a neutrosophic mathematical model using a system of ordinary differential equations and neutrosophic probability, with the aim of approximating the process of destroying a complex neutrosophic dynamic system from inside. It is shown that destroying such a system from inside requires a smaller force than destroying it from outside. Methods used in the past for destruction from inside are listed. Simulation and animation of this neutrosophic dynamic system are needed for the future because, by changing various parameters, different types of destruction from inside can be simulated.

    Individual and group dynamic behaviour patterns in bound spaces

    The behaviour analysis of individual and group dynamics in closed spaces is a subject of extensive research in both academia and industry. However, despite recent technological advancements the problem of implementing the existing methods for visual behaviour data analysis in production systems remains difficult and the applications are available only in special cases in which the resourcing is not a problem. Most of the approaches concentrate on direct extraction and classification of the visual features from the video footage for recognising the dynamic behaviour directly from the source. The adoption of such an approach allows recognising directly the elementary actions of moving objects, which is a difficult task on its own. The major factor that impacts the performance of the methods for video analytics is the necessity to combine processing of enormous volume of video data with complex analysis of this data using computationally resource-demanding analytical algorithms. This is not feasible for many applications, which must work in real time. In this research, an alternative simulation-based approach for behaviour analysis has been adopted. It can potentially reduce the requirements for extracting information from real video footage for the purpose of the analysis of the dynamic behaviour. This can be achieved by combining only limited data extracted from the original video footage with symbolic data about the events registered on the scene, which is generated by 3D simulation synchronized with the original footage. Additionally, through incorporating some physical laws and the logics of dynamic behaviour directly in the 3D model of the visual scene, this framework allows capturing the behavioural patterns using simple syntactic pattern recognition methods. 
The extensive experiments with the prototype implementation prove in a convincing manner that the 3D simulation generates sufficiently rich data to allow analysing the dynamic behaviour in real-time with sufficient adequacy without the need to use precise physical data, using only limited data about the objects on the scene, their location and dynamic characteristics. This research can have a wide applicability in different areas where the video analytics is necessary, ranging from public safety and video surveillance to marketing research to computer games and animation. Its limitations are linked to the dependence on some preliminary processing of the video footage which is still less detailed and computationally demanding than the methods which use directly the video frames of the original footage.

    Why Robot? Speculative design, the domestication of technology and the considered future

    One of the enduring objects used to represent the technological future is the robot. This legacy means that its promise has the ability to evolve in accordance with our societal and cultural dreams and aspirations. It can reflect the current state of technological development, our hopes for that technology and also our fears; fundamentally though, after almost a century of media depictions and corporate promises, the robot is yet to enter our homes and lives in any meaningful way. This thesis begins by asking the question: how does an emerging technology (such as robotics) become a domestic product? In addressing this issue I draw from the theory of domestication and the method of speculative design to describe three possible technological journeys: how technology does not, does and could become a domestic product: 1. Technology does not make the transition from laboratory to domestic life. Robots have made countless departures from the habitat of the research laboratory, apparently headed towards the domestic habitat, but the vast majority never arrive. This observation leads to the identification of a third habitat and the current destination for the majority of proposed domestic robots – robot-related imaginaries. In this theatre-like environment, robots exist as either promises or warnings of a potential technological future. The habitat includes technology fairs, laboratory open houses, news articles and the films and novels of science fiction. I conclude by suggesting reasons why these visions of the future so often fail to become domestic products. 2. Technology does make the transition from laboratory to domestic life. 
Borrowing from the science of ecology and biological concepts of evolution and domestication, I make an analogy between the shift of habitats that occurs when an organism successfully goes through the process of artificial selection (natural to domestic) and the transition an emerging technology makes in order to become a suitable product for domestic use (laboratory to domestic). 3. How technology could make the transition from laboratory to domestic life. This section makes up the core of the thesis as I describe speculative design and how it can be used to present more plausible depictions of near-future technological applications. By stepping out of the normative relationship that ties technological development to commercial markets, speculative design opens a space for alternative perspectives, critical reflection and an examination of contemporary and near-future technological application. Throughout the thesis these theoretical investigations run parallel to the practice-based element, allowing for interplay between the two. This resulted in three projects that exemplify the speculative design approach applied to robots, inviting dialogue and contemplation on what a preferable robotic future might be.

    Building the knowledge base for environmental action and sustainability
