Presentation of project proposals and feedback from customers


Welcome to session III

DTIDS: Digital Twin-based Intrusion Detection Systems

ITEA Cyber Security Day 2021

Emre Ege Smekal

PROJECT PROPOSAL:

DTIDS: Problem Statement

▪ Eliminating all security vulnerabilities at design time is infeasible given the complexity of IoT systems

▪ Real-world IoT systems are heterogeneous, composed of devices from different vendors

▪ Small-scale IoT devices have a low security budget

▪ Specialized countermeasures usually protect against a particular type of attack only

Intrusion detection can be performed by an edge-like device, either at the host or at the network level. As any reasonable attack will cause anomalous behavior, the security breach will be detected regardless of what specific vulnerability was exploited.

DTIDS: Challenges for Intrusion Detection

Ever-increasing system complexity

Heterogeneous, multi-vendor components

System evolution, e.g., due to software updates

Distributed and decentralized architectures

In future systems, rule-based IDS solutions will struggle with the high complexity, low transparency and evolutionary nature of software-driven, heterogeneous IoT products.

DTIDS: Project proposal description

[Diagram: Actual System and Digital Twin, connected by Data; Behavior 𝐵′ is compared with Behavior 𝐵 (𝐵′ == 𝐵?)]

High precision & scalability

Low maintenance

Seamless integration

Continuous operation

Digital Twin – a virtual representation of the actual system throughout the entire system’s life cycle – enables precise, low-maintenance, scalable intrusion detection for seamless & continuous resilience

DTIDS: Key selling points

Innovation / Business Impact

• Digital Twin-based IDS

• High-precision intrusion detection

• Low false positives rate

• Ease of maintenance

• Low maintenance cost & ease of update

• Scalability

• Seamless integration into existing monitoring systems

DTIDS: Partners & expertise

▪ Partners involved

▪ Canada: iSecurity*, StreamWorx.AI Inc.

▪ Germany: Eclipse Foundation Europe GmbH, isb innovative software businesses GmbH, NXP Semiconductors Germany GmbH, Robert Bosch GmbH*, TWT GmbH Science & Innovation, University of Lubeck

▪ Portugal: Instituto Superior de Engenharia do Porto (ISEP)*, SISTRADE Software Consulting, S.A., VIZELPAS - COMERCIO DE ARTIGOS PLASTICOS LDA

▪ Turkey: Arcelik, ARD GROUP*, Bewell Technology San.Tic.A.S., ERARGE, Panasonic Life Solutions Elektrik San. ve Tic. A.S.

DTIDS: Contact details

▪ Yusuf Kursat TUNCEL

ARD Group

kursat.tuncel@ardgrup.com.tr

+90 (533) 964 81 44

▪ Ilay KURT

ARD Group

ilay.kurt@ardgrup.com.tr

+90 (532) 280 50 76

ENTA: Encrypted Network Analysis for Cyber Security

ITEA Cyber Security Day 2021

Dr. Biswajit Nandy

CTO, Solana Networks

ENTA: Motivation

The ENTA project explores a solution based on analysis of encrypted network traffic characteristics

▪ Key techniques will be based on AI

▪ Preserve end user privacy by avoiding payload data examination

▪ Solution will be scalable and operate in near real time

HTTPS encryption on the web (Source: Google Transparency Report)

Nearly 90% of Internet traffic is encrypted

➢ Deep Packet Inspection is failing (TLS 1.3 has made it more difficult)

➢ Harder to distinguish between legitimate and illegitimate traffic

➢ Operators are unable:

• to block illegal traffic

• to detect encrypted data exfiltration

• to detect rogue IoT devices with encrypted communication

ENTA: State of the Art

Encrypted Application Visibility

▪ Academic research on ML-based encrypted traffic classification has existed since 2007

- It has not reached sufficient maturity to bridge into industrial solutions; some major challenges exist

▪ More recently, researchers are addressing some of these problems (DL, real-time etc.)

▪ Industry: Some DPI vendors have statistical-analysis-based detection

Rogue IoT device detection

▪ Academic research has been underway since 2015 for IoT device discovery and rogue IoT detection

▪ IoT device discovery and tracking using ML was also proposed in 2018

▪ Industry: Very few vendors: Zvelo and Armis

Encrypted data exfiltration

▪ Encrypted threat detection – active academic research area

▪ Very recently, researchers have been focusing on addressing this problem (DNS side channels – data exfiltration)

▪ Industry: Malware detection or other threat detection – Cisco Stealthwatch, Gigamon ThreatINSIGHT, IronNet, Darktrace etc.

ENTA: Use Cases

➢ Encrypted application visibility

➢ Rogue IoT device detection

➢ Cyber threat detection (data exfiltration on encrypted side channels)

[Diagram: Encrypted Network Traffic Analytics. Labels: Privacy Protection, Data Science, Machine Learning, Deep Learning, TLS Fingerprinting, Rogue IoT Device Detection, Encrypted Application Visibility, Cyber Threat Detection, Encrypted Network Traffic]

ENTA: Proposed Solution

ENTA: Expected Project Outcome

➢ The ENTA project will deliver an encrypted traffic analysis service platform for cyber security. The platform will support a number of basic building blocks necessary for any ML/DL based traffic analysis.

➢ Three use cases that are highlighted for the ENTA project will be demonstrated with near product quality prototypes with the following attributes:

▪ High scalability

▪ Near real-time performance

▪ Support for traffic rates higher than 10 Gbps

➢ Any of these use cases can be brought to market as a standalone solution or tool:

1. Encrypted traffic classification

2. Rogue IoT device detection and tracking

3. Detection of data exfiltration on encrypted side channels

ENTA: Partners

Company | Country

Metodos y Technologia | Spain

IDavinci | Spain

APARA Creadores de Mercapus S.L | Spain

KKB Kredi Kayit Burosu A.S. | Turkey

Migros T.A.S. | Turkey

Labris Networks | Turkey

Ruag MRO | Switzerland

IGS Hawkesbury Inc. | Canada

Dalhousie University | Canada

Solana Networks | Canada

ENTA: Contact details

Dr. Biswajit Nandy

Solana Networks

bnandy@solananetworks.com

Thank You!

CONTRAST: CONtinuous engineering and TRustworthy operation of Ai-enabled SysTems

ITEA Cyber Security Day 2021

Marc Zeller, Siemens AG

CONTRAST: Motivation

Engineering of systems incorporating AI

▪ Economic Drivers for using AI in Cyber-Physical Systems (CPS)

- Enabling new applications and services

- Reducing cost of doing business

- Increasing speed of innovation

- Enabling continuous availability of products by reducing system downtimes

- Providing customer trust in automated, AI-enabled systems

▪ Challenge: Engineering of systems incorporating AI and ensuring the appropriate trust in operation for such systems poses new challenges

CONTRAST: Trustworthiness *

*) VDE application rule VDE-AR-E 2842-61 “Development and Trustworthiness of autonomous/cognitive Systems”

CONTRAST: Solution Concept

Engineering of AI-based CPS / systems-of-systems and guaranteeing trustworthy operation

▪ Specification and verification of system capabilities and trustworthiness properties

▪ Monitoring and analysis of capabilities and trustworthiness during operation

▪ Dynamic assessment of risks due to changing Operational Design Domain (ODD)

▪ Feedback loop based on field observation to enable continuous improvement

Application to use cases in the transportation, industrial automation, and healthcare domains

CONTRAST: AI-based CPS = new Security Challenges

▪ AI/ML is a target for new kinds of attack

- Data poisoning, model poisoning, ML models with backdoors, etc.

- Exploitation of the physical environment

▪ Security threats are hazardous events

- Safety concepts must take security issues into account

▪ AI/ML-based systems are developed iteratively and need to deal with uncertainty

- Frequent updates require automated security and safety assessment

▪ AI/ML-based systems are developed by different vendors/suppliers and need to be integrated

- Often AI/ML components are black boxes supplied by different companies

- Security assurance cases can capture the security-related information and enable a (semi-)automated integration

▪ Cyber-physical Systems (-of-Systems) are heterogeneous and permanently connected to the Internet (IIoT)

- Integration of newly deployed systems/components and legacy devices in manufacturing, considering security aspects

- Efficient key exchange/distribution mechanism in intelligent transportation

- End-to-end security design required

https://portswigger.net/daily-swig/trojannet-a-simple-yet-effective-attack-on-machine-learning-models

CONTRAST: Key selling points

▪ Innovation

- A well-defined semantic foundation for capability specifications as well as specification models for engineers

- Generation of trustworthiness monitors from capabilities

- Reference architectures that support the envisioned runtime monitoring and adaption in various application domains

- Integration of the CONTRAST methods and tools into coherent engineering frameworks and development platforms that cover the whole engineering life-cycle

▪ Business Impact

- Competitive products on the world stage

  ▪ USP for European products: quality made in Europe (Trustworthy AI)

- Having the right product at the right time and the right place

  ▪ Being flexible, adaptable and configurable

- Reducing risk of rollout of systems (especially with embedded AI-elements)

- Convince certification/homologation authorities of autonomous, AI-based systems

CONTRAST: Partners & expertise

▪ Partners involved

- Austria: Road Venture Innovation, TU Graz, University Graz

- Belgium: Siemens Industry Software

- Germany: Siemens, Fraunhofer, Bosch, SICK, DFKI, OFFIS, TU Ilmenau, Arrival, Modelwise, AI4UandI

- Ireland: LERO/DKIT, Malone Group, iQuTech

- Netherlands: TNO-ESI, CANON, Philips, Thunderbyte.AI, Ratio Computer Aided Systems Engineering

- Sweden: KTH, Scania, Zenseact, Syntell, Veoneer, Safety Integrity

- Turkey: AVL Turkey, Enforma, Bigtri, İSBAK

CONTRAST: Contact details

▪ Marc Zeller

Siemens AG

marc.zeller@siemens.com

+49 (172) 103 60 65

NGAST: Next Generation Automated Security Testing

ITEA Cyber Security Day 2021

Yusuf Kurşat Tuncel

NGAST: Problem Statement

▪ Continuously increasing complexity combined with connectivity results in a massive increase of IoT devices' attack surface

▪ But: resources for protecting IoT devices and IT systems don’t grow at the same pace for economic reasons

▪ IoT device manufacturers and operators face the challenge of defending a vastly larger attack surface with essentially the same resources

To close this gap, methods and tools for automated security testing are needed to eliminate security weaknesses in software or APIs early in the development process.

NGAST: Challenges for Automated Security Testing

Traditionally, manually operated tools

Large & fast changing software

Binary software components from 3rd parties

Distributed systems that rely on APIs

Comprehensive, IoT-scale automated security testing is difficult to implement using existing tools and methods.

NGAST: Project proposal description

High degree of automation (CI/CD-ready)

Covers source code, binaries & APIs

Few to no false positives

Developer-friendly

Next generation CI/CD-capable automated security testing solution for source code, binaries, and distributed systems in the Internet of Things (IoT)

NGAST: Key selling points

Innovation / Business Impact

▪ Automated security testing

▪ Covers source code, binaries and APIs

▪ Few to no false positives

▪ Ease of use

▪ Reduction of vulnerability detection cost through automation

▪ Cost savings through early vulnerability identification

▪ Seamless integration into existing CI/CD pipelines

NGAST: Partners & expertise

▪ Partners involved

- Germany: AKKA DSO GmbH, Expleo Germany GmbH, Fraunhofer, Institut für Automation und Kommunikation (IFAK), itemis AG, let's dev GmbH & Co. KG, NXP Semiconductors Germany GmbH, Robert Bosch GmbH*, Ruhr-Universität Bochum, TWT GmbH Science & Innovation, University of Paderborn

- Sweden: Ericsson, Mälardalen University*

- Turkey: ARD GROUP*, Ericsson, SoftTech, Turkcell Teknoloji, UNIT Information Technologies R&D Ltd.

NGAST: Contact details

▪ Yusuf Kursat TUNCEL

ARD Group

kursat.tuncel@ardgrup.com.tr

+90 (533) 964 81 44

▪ Ilay KURT

ARD Group

ilay.kurt@ardgrup.com.tr

+90 (532) 280 50 76

Thank you for your attention
