Towards an auditable cryptographic access control to high-value sensitive data

We discuss the challenge of achieving an auditable key management for cryptographic access control to high-value sensitive data. In such settings it is important to be able to audit the key management process - and in particular to be able to provide verifiable proofs of key generation. The auditable key management has several possible use cases in both civilian and military world. In particular, the new regulations for protection of sensitive personal data, such as GDPR, introduce strict requirements for handling of personal data and apply a very restrictive definition of what can be considered a personal data. Cryptographic access control for personal data has a potential to become extremely important for preserving industrial ability to innovate, while protecting subject's privacy, especially in the context of widely deployed modern monitoring, tracking and profiling capabilities, that are used by both governmental institutions and high-tech companies. However, in general, an encrypted data is still considered as personal under GDPR and therefore cannot be, e.g., stored or processed in a public cloud or distributed ledger. In our work we propose an identity-based cryptographic framework that ensures confidentiality, availability, integrity of data while potentially remaining compliant with the GDPR framework

ontext-aware security and secure context-awareness in ubiquitous computing environments

Context-awareness emerges as an important element of future wireless systems. In particular, concepts like ambient intelligence and ubiquitous computing rely on context information in order to personalize services provided to their target users. However, security implications of employing context-awareness in computing systems are not well understood. Security challenges in context-aware systems include integrity, confidentiality and availability of context information, as well as target user's privacy. Another interesting and open question is to what extent availability of additional context information could be used in order to optimise and reconfigure security-related services

Leveraging and Fusing Civil and Military Sensors to support Disaster Relief Operations in Smart Environments

Natural disasters occur unpredictably and can range in severity from something locally manageable to large scale events that require external intervention. In particular, when large scale disasters occur, they can cause widespread damage and overwhelm the ability of local governments and authorities to respond. In such situations, Civil-Military Cooperation (CIMIC) is essential for a rapid and robust Humanitarian Assistance and Disaster Relief (HADR) operation. These type of operations bring to bear the Command and Control (C2) and Logistics capabilities of the military to rapidly deploy assets to help with the disaster relief activities. Smart Cities and Smart Environments, embedded with IoT, introduce multiple sensing modalities that typically provide wide coverage over the deployed area. Given that the military does not own or control these assets, they are sometimes referred to as gray assets, which are not as trustworthy as blue assets, owned by the military. However, leveraging these gray assets can significantly improve the ability for the military to quickly obtain Situational Awareness (SA) about the disaster and optimize the planning of rescue operations and allocation of resources to achieve the best possible effects. Fusing the information from the civilian IoT sensors with the custom military sensors could help validate and improve trust in the information from the gray assets. The focus of this paper is to further examine this challenge of achieving Civil-Military cooperation for HADR operations by leveraging and fusing information from gray and blue assets

Devil in the details: Assessing automated confidentiality classifiers in context of NATO documents

Abstract Automating security classification of documents has a great potential to increase the efficiency of information management and security in IT systems used by governmental, military and international organizations. In particular, automated security classification can be used in support of cross-domain information exchange solutions, such as the NATO Information Clearing House. These solutions often require a manual review of documents flowing between different security domains and thus introduce a performance bottleneck. In this paper, we describe an automated confidentiality classification process that could offer an important support for the manual review of documents. It consists of providing an automated pre-labeling of documents, accompanied by an assessment of confidence levels concerning the identified labels. This would allow responsible personnel to focus on low-confidence cases and review other documents only to the extent required to provide an appropriate audit and security control. We evaluate performance of some of the freely available classification algorithms in the context of confidentiality classification of NATO documents and conclude that although these systems are not accurate enough to warrant a complete autonomous operations, they are effective enough to provide an important support for human operators

Context-aware security and secure context-awareness in ubiquitous computing environments

Context-awareness is emerging as an important element of future wireless systems. In particular, concepts like ambient intelligence and ubiquitous computing rely on context information in order to personalize services provided to their end users. However, security implications of employing context-awareness in computing systems are not well understood. Security challenges in context-aware systems include integrity, confidentiality and availability of context information, as well as end user’s privacy. Another interesting and open question is to what extent availability of additional context information could be used in order to optimise and reconfigure security-related services themselves. 1

Secured Distributed Processing and Dissemination of Information in Smart City Environments

In the near future, smart cities are expected to provide their digital citizens with a new generation of real-time and time-critical, location-, social-, and context-aware services that leverage capillary Internet of Things (IoT) infrastructures providing a constant stream of information. However, the multitude and pervasiveness of IoT-based IT services in smart city environments raise significant security issues, as they present a massive attack surface. This is further exacerbated in humanitarian assistance and disaster recovery (HADR) scenarios, which often involve partnerships between civilian and military organizations. To date, HADR operations have mostly leveraged the deployment of ad hoc communication systems with limited or no connection to IT infrastructures in the affected cites. In the future, they will increasingly rely on smart city infrastructure systems such as traffic monitoring systems, smart utility networks, and public transportation systems for building and maintaining enhanced situational awareness. The military has been increasingly looking toward IoT as an extremely valuable, although not entirely reliable, information source for situational awareness purposes. More specifically, appropriate and robust security and trust management measures need to be deployed to ensure the availability, confidentiality, and integrity of information throughout its life cycle. This is particularly complicated considering the different ownership, administration domains, and policies that apply to these military and civilian assets and services. This article reports on the methodologies and tools proposed within the NATO IST-147 Research Task Group (RTG) on Military Applications of IoT that recently concluded its three-year activity, as well as the planned activities in the follow-up IST-176 RTG on Federated Interoperability of Military C2 and IoT Systems

Compiling NATO authorization policies for enforcement in the cloud and SDNs

NATO has developed a Content-based Protection and Release model to support the specification of access control policies. Enforcing such policies in different scenarios is a complex task that requires consideration of several aspects, including performance and administrative burden. We sketch a solution to this problem for the Cloud and Software Defined Networks