ARIES WP3 – Needs and Requirements Analyses

Information and communication technologies have increasingly influenced and changed our daily life. They allow global connectivity and easy access to distributed applications and digital services over the Internet. This report analysis security requirements on trust establishment and trust evaluation based on two different use case scenarios: "Trusted Communication using COTS" and "Trust Establishment for Cross-organizational Crises Management". A systematic needs analysis is performed on both scenarios which haver resulted in a large and well documented set of requirements. This is the first step in a large effort to define a security architecture for the two use case scenarios.

IoT-HASS: A Framework For Protecting Smart Home Environment

While many solutions have been proposed for smart home security, the problem that no single solution fully protects the smart home environment still exists. In this research we propose a security framework to protect the smart home environment. The proposed framework includes three engines that complement each other to protect the smart home IoT devices. The first engine is an IDS/IPS module that monitors all traffic in the home network and then detects, alerts users, and/or blocks packets using anomaly-based detection. The second engine works as a device management module that scans and verifies IoT devices in the home network, allowing the user to flag any suspect device. The third engine works as a privacy monitoring module that monitors and detects information transmitted in plaintext and alerts the user if such information is detected. We call the proposed system IoT-Home Advanced Security System or IoT-HASS for short. IoT-HASS was developed using Python 3 and can be implemented in two modes of operation. The in-line mode allows the IoT-HASS to be installed in-line with the traffic inside a Raspberry Pi or a Router. In the in-line mode IoT-HASS acts as an IPS that can detect and block threats as well as alert the user. The second mode is the passive mode where IoT-HASS in not installed in-line with the traffic and can act as an IDS that passively monitors the traffic, detecting threats and alerting the user, but not blocking the attack. IoT-HASS was evaluated via four testing scenarios. It demonstrated superior performance in all testing scenarios in detecting attacks such as DDoS attacks, Brute Force Attacks, and Cross Site Scripting (XSS) Attacks. In each of the four test scenarios, we also tested the device management functionality, which we found to successfully scan and display IoT devices for the homeowner. The extensive evaluating and testing of IoT-HASS showed that IoT-HASS can successfully run in a small device such as a Raspberry Pi, and thus, it will most likely run in an embedded device as an IoT device. Our future research will concentrate on strengthening the current features of IoT-HASS to include additional functionalities

Identifying DOS attacks using data pattern analysis

During a denial of service attack, it is difficult for a firewall to differentiate legitimate packets from rogue packets, particularly in large networks carrying substantial levels of traffic. Large networks commonly use network intrusion detection systems to identify such attacks, however new viruses and worms can escape detection until their signatures are known and classified as an attack. Commonly used IDS are rule based and static, and produce a high number of false positive alerts. The aim of this research was to determine if it is possible for a firewall to self-learn by analysing its own traffic patterns. Statistical analyses of firewall logs for a large network were carried out and a baseline determined. Estimated traffic levels were projected using linear regresssion and Holt-Winter methods for comparison with the baseline. Rejected traffic falling outside the projected level for the network under study could indicate an attack. The results of the research were positive with variance from the projected rejected packet levels successfully indicating an attack in the test network

Managing Network Security with Snort Open Source Intrusion Detection Tools

Organizations both large and small are constantly looking to improve their posture on security. Hackers and intruders have made many successful attempts to bring down high-profile company networks and web services for lack of adequate security. Many methods have been developed to secure the network infrastructure and communication over the Internet such as the firewall and intrusion detection systems. While most organizations deploy security equipment, they still encounter the challenge of monitoring and reviewing the security events. There are various intrusion detection tools in the market for free. Also, there are multiple ways to detect these attacks and vulnerabilities from being exploited and leaking corporate data on the internet. One method involves using intrusion detection systems to detect the attack and block or alert the appropriate staff of the attack. Snort contains a suite of tools that aids the administrators in detecting these events. In this paper, Snort IDS was analysed on how it manages the network from installation to deployment with additional tools that helps to analyse the security data. The components and rules to operate Snort were also discussed. As with other IDS it has advantages and disadvantages

A typology of marine and estuarine hazards and risks as vectors of change : a review for vulnerable coasts and their management

This paper illustrates a typology of 14 natural and anthropogenic hazards, the evidence for their causes and consequences for society and their role as vectors of change in estuaries, vulnerable coasts and marine areas. It uses hazard as the potential that there will be damage to the natural or human system and so is the product of an event which could occur and the probability of it occurring whereas the degree of risk then relates to the amount of assets, natural or societal, which may be affected. We give long- and short-term and large- and small-scale perspectives showing that the hazards leading to disasters for society will include flooding, erosion and tsunamis. Global examples include the effects of wetland loss and the exacerbation of problems by building on vulnerable coasts. Hence we emphasise the importance of considering hazard and risk on such coasts and consider the tools for assessing and managing the impacts of risk and hazard. These allow policy-makers to determine the consequences for natural and human systems. We separate locally-derived problems from large-scale effects (e.g. climate change, sea-level rise and isostatic rebound); we emphasise that the latter unmanaged exogenic pressures require a response to the consequences rather than the causes whereas within a management area there are endogenic managed pressures in which we address both to causes and consequences. The problems are put into context by assessing hazards and the conflicts between different uses and users and hence the management responses needed. We emphasise that integrated and sustainable management of the hazards and risk requires 10-tenets to be fulfilled