Modelling of Hazards Effect on Safety Integrity of Open Transmission Systems

The paper is concerned with safety appraisal of safety-related communication systems (SRComSs) with open transmission system, where except in addition to message transmission integrity also confidentiality is recommended to be provided. The authors focused on safety analysis of safety-related messages transmission secured using cryptographic and safety code mechanisms and on the possibilities of modelling safety-related industrial communication system, where a high safety integrity level SIL3 is required to be guaranteed. The paper features mathematical procedures to calculate the rate of hazardous transmission failure of safety-related messages in the result of electromagnetic interference (EMI) effects in the communication channel and by the presence of random hardware failures of SRComS. The theoretical techniques and safety analyses emerge from risk analysis and are compared with the knowledge gained by the authors during safety verifications of such systems for transportation applications. It is a little explored area, because the standards concerning safety-related control systems (SRCSs) did not support any cryptography-based methods. A quantitative safety integrity analysis of SRComS is based on utilisation of Markov's processes. The proposed Markov's model is applied on an open transmission system built on the IEEE 802.11g standard, which is complemented by cryptographic and safety code. The calculations are performed using Mathematica software tool. The proposed base model is universal and can be modified (simplified) in dependence on the parameters of a specific SRComS

Security during Transmission of Data Using Web Steganography

The project entitled Steganography is to give security to a content record. Since the security of the data over the internet has raised a concern to the people. There are many methods to protect the data from going into the access of unauthorized people. Steganography can be used along with the encryption technique to secure the data. Steganography is used to hide the data or a secret message whereas cryptography is used to encrypt the message and make it difficult the people to read. So, the proposed system is to combine both steganography and cryptography for the secret data transmission. The transmission can be done by using an image as a carrier of data. This paper uses high-performance BMP steganography along with a substitution encryption methodology. The approach that is used here is IDEA (International Data Encryption Algorithm) algorithm which is used for encryption. The IDEA algorithm works as follows, it will take the TEXT document and mystery key as the input and gives the encrypted and BMP picture as the output for the sender side. There can additionally be “Voice Recognition System” framework so that it can use voice to decrypt the message. This is the future expansion or scope of this paper

Cryptographic security mechanism of the next generation digital tachograph system

JRC is in the process of evaluating the impact of update of the cryptographic security mechanisms for the next generation Digital Tachograph. The purpose of this document is to give background information about the cryptographic security mechanisms and vulnerabilities regarding the security mechanisms of the current Digital Tachograph System along with suggestions for the next generation Digital Tachograph security mechanisms. This document can be referred as an important reference to update the technical appendixes of the Tachograph regulation.JRC.G.7-Digital Citizen Securit

Security protocols suite for machine-to-machine systems

Nowadays, the great diffusion of advanced devices, such as smart-phones, has shown that there is a growing trend to rely on new technologies to generate and/or support progress; the society is clearly ready to trust on next-generation communication systems to face today’s concerns on economic and social fields. The reason for this sociological change is represented by the fact that the technologies have been open to all users, even if the latter do not necessarily have a specific knowledge in this field, and therefore the introduction of new user-friendly applications has now appeared as a business opportunity and a key factor to increase the general cohesion among all citizens. Within the actors of this technological evolution, wireless machine-to-machine (M2M) networks are becoming of great importance. These wireless networks are made up of interconnected low-power devices that are able to provide a great variety of services with little or even no user intervention. Examples of these services can be fleet management, fire detection, utilities consumption (water and energy distribution, etc.) or patients monitoring. However, since any arising technology goes together with its security threats, which have to be faced, further studies are necessary to secure wireless M2M technology. In this context, main threats are those related to attacks to the services availability and to the privacy of both the subscribers’ and the services providers’ data. Taking into account the often limited resources of the M2M devices at the hardware level, ensuring the availability and privacy requirements in the range of M2M applications while minimizing the waste of valuable resources is even more challenging. Based on the above facts, this Ph. D. thesis is aimed at providing efficient security solutions for wireless M2M networks that effectively reduce energy consumption of the network while not affecting the overall security services of the system. With this goal, we first propose a coherent taxonomy of M2M network that allows us to identify which security topics deserve special attention and which entities or specific services are particularly threatened. Second, we define an efficient, secure-data aggregation scheme that is able to increase the network lifetime by optimizing the energy consumption of the devices. Third, we propose a novel physical authenticator or frame checker that minimizes the communication costs in wireless channels and that successfully faces exhaustion attacks. Fourth, we study specific aspects of typical key management schemes to provide a novel protocol which ensures the distribution of secret keys for all the cryptographic methods used in this system. Fifth, we describe the collaboration with the WAVE2M community in order to define a proper frame format actually able to support the necessary security services, including the ones that we have already proposed; WAVE2M was funded to promote the global use of an emerging wireless communication technology for ultra-low and long-range services. And finally sixth, we provide with an accurate analysis of privacy solutions that actually fit M2M-networks services’ requirements. All the analyses along this thesis are corroborated by simulations that confirm significant improvements in terms of efficiency while supporting the necessary security requirements for M2M networks

Ticket to ride: an investigation into the use of blockchain technology in the rail industry

The rail industry in Great Britain is undergoing a renaissance. Rising passenger numbers, a steady freight industry, and numerous planned projects make this an exciting time to be involved. Nonetheless, the network relies upon many legacy systems that impede progress. This stifling of progress is noticeable in the digital domain in particular, where a cluster of impractical formats and systems leave swathes of data with untapped potential. The search for interoperability in the industry is not a new one; many have conducted investigations and projects, to no avail. Blockchains are an exciting new avenue of technology and are beginning to disrupt various industries. Despite this, few investigations exist into the potential use of the technology in the rail industry. From a purely technical perspective, the distributed nature of the technology has the potential to overcome the issues of data centralisation and the lack of trust amongst stakeholders. Nevertheless, as a new technology, it is not yet fully understood by those in the industry. This lack of understanding is a barrier to adoption and is as essential to consider as the technical implications. This thesis proposes a new model to aid the decision-making process of those seeking to use blockchain. We validate this model by utilising it for two rail-specific use cases. The first is to build a marketisable data-sharing platform for rail industry data. Within this project, we investigate both classical and post-quantum cryptographic approaches to the platform. The second is a brand new approach digital ticketing for the GB rail network, to initiate the process of replacing the legacy ticketing systems still in operation. We use blockchain technology as the core data store to achieve this. We demonstrate the viability of both use cases, supporting the appropriate deployment of blockchain technology in the rail industry

Cloud Computing: Challenges And Risk Management Framework

Cloud-computing technology has developed rapidly. It can be found in a wide range of social, business and computing applications. Cloud computing would change the Internet into a new computing and collaborative platform. It is a business model that achieves purchase ondemand and pay-per-use in network. Many competitors, organizations and companies in the industry have jumped into cloud computing and implemented it. Cloud computing provides us with things such as convenience, reduced cost and high scalability. But despite all of these advantages, there are many enterprises, individual users and organizations that still have not deployed this innovative technology. Several reasons lead to this problem; however, the main concerns are related to security, privacy and trust. Low trust between users and cloud computing providers has been found in the literature

Quarantine-mode based live patching for zero downtime safety-critical systems

150 p.En esta tesis se presenta una arquitectura y diseño de software, llamado Cetratus, que permite las actualizaciones en caliente en sistemas críticos, donde se efectúan actualizaciones dinámicas de los componentes de la aplicación. La característica principal es la ejecución y monitorización en modo cuarentena, donde la nueva versión del software es ejecutada y monitorizada hasta que se compruebe la confiabilidad de esta nueva versión. Esta característica también ofrece protección contra posibles fallos de software y actualización, así como la propagación de esos fallos a través del sistema. Para este propósito, se emplean técnicas de particionamiento. Aunque la actualización del software es iniciada por el usuario Updater, se necesita la ratificación del auditor para poder proceder y realizar la actualización dinámica. Estos usuarios son autenticados y registrados antes de continuar con la actualización. También se verifica la autenticidad e integridad del parche dinámico. Cetratus está alineado con las normativas de seguridad funcional y de ciber-seguridad industriales respecto a las actualizaciones de software.Se proporcionan dos casos de estudio. Por una parte, en el caso de uso de energía inteligente, se analiza una aplicación de gestión de energía eléctrica, compuesta por un sistema de gestión de energía (BEMS por sus siglas en ingles) y un servicio de optimización de energía en la nube (BEOS por sus siglas en ingles). El BEMS monitoriza y controla las instalaciones de energía eléctrica en un edificio residencial. Toda la información relacionada con la generación, consumo y ahorro es enviada al BEOS, que estima y optimiza el consumo general del edificio para reducir los costes y aumentar la eficiencia energética. En este caso de estudio se incorpora una nueva capa de ciberseguridad para aumentar la ciber-seguridad y privacidad de los datos de los clientes. Específicamente, se utiliza la criptografía homomorfica. Después de la actualización, todos los datos son enviados encriptados al BEOS.Por otro lado, se presenta un caso de estudio ferroviario. En este ejemplo se actualiza el componente Euroradio, que es la que habilita las comunicaciones entre el tren y el equipamiento instalado en las vías en el sistema de gestión de tráfico ferroviario en Europa (ERTMS por sus siglas en ingles). En el ejemplo se actualiza el algoritmo utilizado para el código de autenticación del mensaje (MAC por sus siglas en inglés) basado en el algoritmo de encriptación AES, debido a los fallos de seguridad del algoritmo actual

A systematic development of a secure architecture for the European Rail Traffic Management System

The European Rail Traffic Management System (ERTMS) is a new signalling scheme that is being implemented worldwide with the aim of improving interoperability and cross-border operation. It is also an example of an Industrial Control System, a safety-critical system which, in recent years, has been subject to a number of attacks and threats. In these systems, safety is the primary concern of the system designers, whilst security is sometimes an afterthought. It is therefore prudent to assure the security for current and future threats, which could affect the safe operation of the railway. In this thesis, we present a systematic security analysis of parts of the ERTMS standard, firstly reviewing the security offered by the protocols used in ERTMS using the ProVerif tool. We will then assess the custom MAC algorithm used by the platform and identify issues that exist in each of the ERTMS protocol layers, and aim to propose solutions to those issues. We also identify a challenge presented by the introduction of ERTMS to National Infrastructure Managers surrounding key management, where we also propose a novel key management scheme, TRAKS, which reduces its complexity. We then define a holistic process for asset owners to carry out their own security assessments for their architectures and consider the unique challenges that are presented by Industrial Control Systems and how these can be mitigated to ensure security of these systems. Drawing conclusions from these analyses, we introduce the notion of a `secure architecture' and review the current compliance of ERTMS against this definition, identifying the changes required in order for it to have a secure architecture, both now and also in the future

European Cybersecurity Centres of Expertise Map - Definitions and Taxonomy

The Commission made a commitment in the Communication adopted in September to launch a pilot phase under Horizon 2020 to help bring national cybersecurity centres together into a network. In this context, the goal of this document is that of aligning the cybersecurity terminologies, definitions and domains into a coherent and comprehensive taxonomy to facilitate the categorisation of EU cybersecurity competencies.JRC.E.3-Cyber and Digital Citizens' Securit

Dagstuhl News January - December 2007

"Dagstuhl News" is a publication edited especially for the members of the Foundation "Informatikzentrum Schloss Dagstuhl" to thank them for their support. The News give a summary of the scientific work being done in Dagstuhl. Each Dagstuhl Seminar is presented by a small abstract describing the contents and scientific highlights of the seminar as well as the perspectives or challenges of the research topic