2 nd Annual review Florence 15 th November 2013 Railway security demonstrator.

Slides:

Advertisements

Similar presentations

0 DOD/DT/CEDCV – 20 th & 21 st January Paris meeting SAGEM RTD Activities C2-Sense project Paris – 20 & 21 January 2015.

Advertisements

Josh Alcorn Larry Brachfeld An in depth review of ad hoc mobile network & cloud security concerns.

Ch. 7. Architecture Standardization for WoT

Fundamentals of Computer Security Geetika Sharma Fall 2008.

Building Your Own Firewall Chapter 10. Learning Objectives List and define the two categories of firewalls Explain why desktop firewalls are used Explain.

Security+ Guide to Network Security Fundamentals

1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.

IS Network and Telecommunications Risks

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

This work is supported by the National Science Foundation under Grant Number DUE Any opinions, findings and conclusions or recommendations expressed.

Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Qualitative.

1 Security and Privacy in Sensor Networks: Research Challenges Radha Poovendran University of Washington

Lecture 11 Reliability and Security in IT infrastructure.

Security Overview. 2 Objectives Understand network security Understand security threat trends and their ramifications Understand the goals of network.

Network Infrastructure Security. LAN Security Local area networks facilitate the storage and retrieval of programs and data used by a group of people.

Secure Network Design: Designing a Secure Local Area Network IT352 | Network Security |Najwa AlGhamdi1 Case Study

CISCO CONFIDENTIAL – DO NOT DUPLICATE OR COPY Protecting the Business Network and Resources with CiscoWorks VMS Security Management Software Girish Patel,

Business Intelligence: Data and Text Management Instructor: Bajuna Salehe Web:

Securing Legacy Software SoBeNet User group meeting 25/06/2004.

Auditing Logical Access in a Network Environment Presented By, Eric Booker and Mark Ren New York State Comptroller’s Office Network Security Unit.

Outline  Company Profile  Services Provided  Assets  System Schema  Risk Categories  Technical Risks and Mitigation  Summary.

©Ian Sommerville 2006Software Engineering, 8th edition. Chapter 12 Slide 1 Distributed Systems Architectures.

Physical Security By: Christian Hudson. Overview Definition and importance Components Layers Physical Security Briefs Zones Implementation.

Security Baseline. Definition A preliminary assessment of a newly implemented system Serves as a starting point to measure changes in configurations and.

Common Devices Used In Computer Networks

Prepared by: Dinesh Bajracharya Nepal Security and Control.

WSN Done By: 3bdulRa7man Al7arthi Mo7mad AlHudaib Moh7amad Ba7emed Wireless Sensors Network.

Wireless Network Security. What is a Wireless Network Wireless networks serve as the transport mechanism between devices and among devices and the traditional.

1 1 Local vs. remote intelligence A quick look at two different architecture management systems Copyright Nitrosoft 2010.

Description of the monitoring system experimentation on the freight car pSHIELD Demonstrator Testbed Architecture pSHIELD Final Review Meeting, Bruxelles.

Lesson 20-Wireless Security. Overview Introduction to wireless networks. Understanding current wireless technology. Understanding wireless security issues.

Computer & Network Security

Computer Science Open Research Questions Adversary models –Define/Formalize adversary models Need to incorporate characteristics of new technologies and.

Microcontroller-Based Wireless Sensor Networks

Environment for Information Security n Distributed computing n Decentralization of IS function n Outsourcing.

Sungkyunkwan University (SKKU) Security Lab. A Framework for Security Services based on Software-Defined Networking Jaehoon (Paul) Jeong 1, Jihyeok Seo.

Firewalls Nathan Long Computer Science 481. What is a firewall? A firewall is a system or group of systems that enforces an access control policy between.

An Approach To Automate a Process of Detecting Unauthorised Accesses M. Chmielewski, A. Gowdiak, N. Meyer, T. Ostwald, M. Stroiński

Chapter 1 Overview The NIST Computer Security Handbook defines the term Computer Security as:

1 Chpt. 12: INFORMATION SYSTEM QUALITY, SECURITY, AND CONTROL.

Chapter 9 Networking & Distributed Security. csci5233 computer security & integrity (Chap. 9) 2 Outline Overview of Networking Threats Wiretapping, impersonation,

1 Class 15 System Security. Outline Security Threats (External: malware, spoofing/phishing, sniffing, & data theft: Internal: unauthorized data access,

1 Chapter 1 – Background Computer Security T/ Tyseer Alsamany - Computer Security.

Lecture slides prepared for “Computer Security: Principles and Practice”, 3/e, by William Stallings and Lawrie Brown, Chapter 1 “Overview”. © 2016 Pearson.

Lecture 24 Wireless Network Security

Chapter 3 - VLANs. VLANs Logical grouping of devices or users Configuration done at switch via software Not standardized – proprietary software from vendor.

1 OFF SYMB - 12/7/2015 Firewalls Basics. 2 OFF SYMB - 12/7/2015 Overview Why we have firewalls What a firewall does Why is the firewall configured the.

Abstract A Structured Approach for Modular Design: A Plug and Play Middleware for Sensory Modules, Actuation Platforms, Task Descriptions and Implementations.

To ensure secure and dependable monitoring of rail cars transporting hazardous materials, providing resiliency against both random and malicious threats.

Understand Network Isolation Part 2 LESSON 3.3_B Security Fundamentals.

Education – Partnership – Solutions Information Security Office of Budget and Finance Christopher Giles Governance Risk Compliance Specialist The Internet.

IS3220 Information Technology Infrastructure Security

Digital Planet: Tomorrow’s Technology and You Chapter 8 Networking and Digital Communication Copyright © 2012 Pearson Education, Inc. publishing as Prentice.

Security Gateway & Remote Monitoring and Control (RMC)

ASHRAY PATEL Securing Public Web Servers. Roadmap Web server security problems Steps to secure public web servers Securing web servers and contents Implementing.

© 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicITE I Chapter 6 1 Creating the Network Design Designing and Supporting Computer Networks – Chapter.

SESM Demonstrator FPGA Power Node Prototype Emilio Bisbiglio, SESM, Przemyslaw Osocha, SESM,

CAMPUS LAN DESIGN GUIDE Design Considerations for the High-Performance Campus LAN.

CS457 Introduction to Information Security Systems

Data and database administration

Intelligent Video Surveillance – The End of CCTV

The Next Generation - UNIFIED

Storage Virtualization

Cloud Testing Shilpi Chugh.

IS4680 Security Auditing for Compliance

Network and security trends in connected cars

Sensor Networks – Motes, Smart Spaces, and Beyond

Presentation transcript:

2 nd Annual review Florence 15 th November 2013 Railway security demonstrator

Physical Security Information Management (PSIM) systems for rail-based mass transit Rail-based mass transit systems are vulnerable to many criminal acts, including vandalism, thefts, pickpocketing, sabotage, terrorism. Assets: Tunnels, Vehicles, Line, Public areas (concourse, platform, etc.), Technical Rooms, Control Rooms, Depots, etc. In PSIM, heterogeneous intrusion detection, access control, intelligent audio- video surveillance, environmental sensors and CBRNe devices are integrated using different network links (wired copper/optical Ethernet, proprietary serial buses, WSN, Wi-Fi, Internet links, etc.) Network links and devices are often installed in open areas, accessible to the public, and therefore exposed to several SPD threats (both random and malicious)

Ansaldo STS PSIM: RailSentry RailSentry core is a web-based software application featuring a graphical user interface. Architecture is distributed and hierarchical, with both local and central control rooms collecting sensor data. In case of emergencies, system orchestrates response procedures. System Security, Privacy and Dependability are essential since: Information and alarms need to be trustworthy Critical personal data (including passenger “faces”) is sent through the network Surveillance needs to be highly available, fault-tolerant and resilient

RailSentry - Typical Architecture

Issues and nSHIELD solutions Heterogeneity in hardware and software technologies Criticality in terms of SPD requirements ISSUES: How to effectively and efficiently protect the overall system (including proprietary protocols and legacy devices ) against both random e malicious faults? How to measure system SPD during system operation? nSHIELD solutions: Homogeneous embedded hardware and software architecture to collect, exchange and tune SPD information, allowing for fault/attack-detection and dynamic system reconfiguration, according to system-level SPD requirements Justifiably measurable and real-time dynamically upgradeable SPD by means of appropriate metrics, ontologies, semantic models and composability mechanisms

Example risk analysis to classify threats Assets to protectThreatsVulnerability (V)Likelihood (P)Consequences (D)Risk R= P xV x D Ethernet Camera Analog Microphone Physical tamper/manumissio n HIGH If they are located in a public c area. LOW Operation of the single sensor is compromised, as the related monitoring functionality. The easy detection of the attack reduces its impact LOW Ethernet Camera Wi-Fi Camera Mote WSN HW fault:  Loss of component functionality  Loss of sensor functionality SW fault: Bug, Aging, Transient fault MEDIUM In general HW and SW are vulnerable, especially after some operation time, to this fault. MEDIUM It depends on HW and SW robustness and environmental condition. MEDIUM Effects range from loss of specific functions to loss of related monitoring functionality. It is difficult to diagnose MEDIUM Application server Unauthorized network access Sniffing MEDIUM The network is connected to the Internet. Using firewalls reduces vulnerability MEDIUM Nowadays attempts to attack public utility servers are not rare HIGH Once accessed by the attackers, the servers are completely under their control, and furthermore the attack con be difficult to detect. HIGH

Railway security demonstrator example CAM A works properly CAM A fails! SHIELD detects the fault and reconfigures the system to seamlessly show CAM B -> SPD decreases CAM B VIDEO STREAM IP2

Prototypes Integration

Prototypes involved CodePrototype nameDescriptionPartner 3 HypervisorGuaranteeing isolation and secure interaction between co-existing open software components SICS 4 Secure BootThe firmware for CPU core to prevent tampering T2D 5 Secure Power (&) Communication cape Secure Access control system AT/TELC/TUC 11 Automatic Access ControlAccess control mechanisms for physical resources of a network node TUC 16 Reputation-Based Secure RoutingFor WSN sensors TUC/HAI 19 Policy based access controlControl of access to devices and their resources via security policies TUC/HAI 20 Control AlgorithmsReconfiguration UNIROMA 22 Middleware Intrusion Detection System Filter for middleware services S-LAB 24 Network Layer SecuritySecurity communication between nodes TUC 25 OSGI MiddlewarePlatform for middleware services UNIROMA 26 Semantic ModelDomain description UNIROMA 27 Multimetrics Metrics computation TECNALIA 28 Attack Surface Metrics metrics computation SES 31 Middleware Protection Profile Defines the rules or rather the SPD requirement for prototypes Integration SES 32 Secure DiscoveryMiddleware service UNIROMA 33 Security AgentMiddleware service UNIROMA

The END That’s all folks!