Comifin cluster meeting
Transcript

  • 1. Collaborative Security for Protection of Financial Critical Infrastructures Roberto Baldoni CoMiFin baldoni@dis.uniroma1.it
  • 2. Financial Critical Infrastructures
      • Financial critical infrastructures are more exposed to a variety of coordinated and massive cyber attacks
          – Attacks against financial services that supported WikiLeaks (2010)
          – Payment card fraud (2008): coordinated attackers retrieved 9 million US dollars
      • Risks for financial institutions (FIs)
          – Cost of downtime of an e-service is around 6 million dollars per day
          – Damage to reputation
          – Loss of personal information about customers
      Amsterdam, July 5th 2011, Roberto Baldoni
  • 3. CoMiFin Essential
      [Figure: diagram with the labels Organization 1 ... Organization M, contract, agreed information, warnings, Internet, Collaborative Processing System]
  • 4. CoMiFin Essential: sense-and-response applications
      ■ Monitoring
      ■ Continuous Control
      ■ Command and Control
      ■ Mashup Services
      ■ Business intelligence
  • 5. CoMiFin Essentials: The notion of semantic room
      ■ Contract
          ■ Set of processing and data sharing services provided by the semantic room (SR), along with the data protection, privacy, isolation, trust, security, dependability and performance requirements.
          ■ The contract also contains the hardware and software requirements a member has to provision in order to be admitted into the SR.
      ■ Objective
          ■ Each SR has one strategic objective to meet (e.g., large-scale stealthy scan detection, detecting Man-in-the-Middle attacks).
      ■ Deployment
          ■ Highly flexible, to accommodate the use of different technologies for the implementation of the processing and sharing within the SR (i.e., the implementation of the SR logic or functionality).
  • 6. CoMiFin Essentials: Deploying a Semantic Room
      ■ Private cloud
          ■ Deployment of the semantic room through the federation of computing and storage capabilities at each member
          ■ Each member brings a private cloud to federate
      ■ Public cloud
          ■ Deployment of the semantic room on a third party cloud provider
          ■ The third party owns all computing and storage capabilities
      ■ Hybrid approach
      [Figure: layers labelled Application Level, Collaboration Level, Internet Level]
  • 7. CoMiFin Essentials: Business Vision
      • The CoMiFin platform can potentially be useful for addressing the following business use cases
          – Monitoring and reaction to cyber threats. We have semantic room deployments for: Man-in-the-Browser (privacy preserving), Man-in-the-Middle, botnet detection, stealthy inter-domain port scan
          – Monitoring and reaction to frauds. We have a semantic room deployment for: Counterfeit Euros, Tampered ATM, Unauthorized POS
          – Anti money laundering monitoring (Sapienza – Italian Intelligence)
          – Interconnection of semantic rooms. We have a deployment in which the output of the stealthy inter-domain port scan semantic room feeds the man-in-the-middle semantic room to increase detection accuracy
      • Four FAB meeting evaluation sessions (UBS, INTESA SAN PAOLO, SWIFT, ABI) have highlighted its possible business value in real financial use cases.
  • 8. CoMiFin: Major Achievements
      • CoMiFin Architecture & Portal (semantic room lifecycle)
      • Distributed Hadoop-based platform for complex event processing: AGILIS
      • Esper-based semantic room platform for massive event processing incoming from trustworthy partners
      • Developments of
          – 4 semantic rooms detecting cyber attacks
          – 1 semantic room for fraud detection
          – 1 interconnection of semantic rooms
      • EPTS (Event Processing Technical Society) innovation award 2011
      • IBM Faculty Award 2011 for research in distributed massive event processing
      • TR35 Innovation award 2011 (Giorgia Lodi)
  • 9. CoMiFin: Major Achievements (i) - AGILIS
      • Distributed Hadoop-based platform for complex event processing: AGILIS
  • 10. CoMiFin, Semantic Room I: preventing inter-domain stealthy scan
      The attacker performs port scanning simultaneously at multiple sites, trying to identify TCP/UDP ports that have been left open. Those ports can then be used as attack vectors.
      • Added value of collaboration:
          – Ability to identify an attacker trying to conceal his/her activity by accessing only a small number of ports within each individual domain
      • Action taken:
          – Blacklist IP addresses
          – Update historical records
  • 11. CoMiFin, Semantic Room I: preventing inter-domain stealthy scan
  • 12. CoMiFin, Semantic Room I: preventing inter-domain stealthy scan
  • 13. CoMiFin: Major Achievements – MEF Semantic Room for fraud detection and correlation
      • Find out possible (spatial/temporal) correlation patterns among single isolated applications
          – They do not exchange information with each other
          – Data are apparently uncorrelated
          – Sipaf: credit card frauds
          – Sirfe: counterfeit banknotes
      • From the two applications we extracted three main data flows concerning
          – Counterfeit Euros (from Sirfe)
          – Tampered ATM (from Sipaf)
          – Unauthorized POS (from Sipaf)
      • We did not consider unauthorized credit card transactions due to unavailability of important data such as Italian location
  • 14. MEF Semantic Room data processing
      • We have identified the following possible correlations
          – Mainly based on geo-localization over the whole of Italy
      • GeoAggregation
          – Identifies “hot areas”, i.e., areas (1 km x 1 km approximately) characterized by a high number of crime episodes of the three previously mentioned types
          – Data from Sirfe and Sipaf are correlated based on the location
          – Scores are assigned to the three data flow types and a threshold mechanism is used to identify red (high concentration), yellow (medium concentration) and green (low concentration) areas
      • Crime Entropy
          – Identifies areas characterized by a high number of different crime episodes
          – Data from Sirfe and Sipaf are correlated based on the location
          – White areas correspond to high entropy and hence a high number of different episodes
  • 15. MEF Semantic Room: data processing architecture
      [Figure: architecture diagram with the labels Counterfeit euros, Tampered ATM, Unauthorized POS, SR gateway, I/O socket adapter, <<ESPER CEP Engine>>, <<Main Engine>>, EPL Query, alerts, <<invoke>>, <<use>>, Services Cloud, subscribers, Semantic Room]
  • 16. MEF Semantic Room: Counterfeit Banknotes
  • 17. Semantic Room: Counterfeit Banknotes - speculations
      [Figure: Day vs. multiplicity, V55605030341]
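
The collaborative detection described on slide 10, as an added example that is not part of the original slides or the CoMiFin code: each member alone sees too few ports to alert, while the merged semantic-room view exposes the source. The thresholds, member names, function names and sample events are all assumptions constructed for illustration.

```python
from collections import defaultdict

LOCAL_THRESHOLD = 5  # assumed: distinct ports from one source before a single member alerts
ROOM_THRESHOLD = 8   # assumed: distinct (domain, port) targets before the room alerts
MIN_DOMAINS = 2      # assumed: "inter-domain" means at least two member domains

# Constructed sample events: (member domain, source IP, destination port).
EVENTS = (
    [("bank-a", "203.0.113.7", p) for p in (21, 22, 23)]        # stealthy: 3 ports per member
    + [("bank-b", "203.0.113.7", p) for p in (80, 443, 3389)]
    + [("bank-c", "203.0.113.7", p) for p in (25, 110, 445)]
    + [("bank-a", "198.51.100.20", 443), ("bank-b", "198.51.100.20", 443)]  # ordinary client
    + [("bank-c", "192.0.2.99", p) for p in range(1000, 1006)]  # noisy single-domain scan
)

def local_alerts(events):
    """What each member sees on its own: sources at or above LOCAL_THRESHOLD."""
    ports = defaultdict(set)
    for domain, src, port in events:
        ports[(domain, src)].add(port)
    return {key for key, seen in ports.items() if len(seen) >= LOCAL_THRESHOLD}

def room_alerts(events):
    """Semantic-room view: merge every member's events per source IP."""
    targets = defaultdict(set)
    for domain, src, port in events:
        targets[src].add((domain, port))
    flagged = {}
    for src, seen in targets.items():
        domains = sorted({d for d, _ in seen})
        if len(domains) >= MIN_DOMAINS and len(seen) >= ROOM_THRESHOLD:
            flagged[src] = {"domains": domains, "targets": len(seen)}
    return flagged

def respond(flagged, blacklist, history):
    """The two actions the slide lists: blacklist the IP, update historical records."""
    for src, detail in flagged.items():
        blacklist.add(src)
        history.setdefault(src, []).append(detail)
    return blacklist

if __name__ == "__main__":
    print("local:", local_alerts(EVENTS))
    print("room: ", room_alerts(EVENTS))
```
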
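
The GeoAggregation and Crime Entropy correlations of slide 14, as an added example that is not taken from the slides or the MEF semantic room: episodes are bucketed into grid cells, scored per flow type against thresholds, and given a Shannon entropy over the crime types seen. The score weights, thresholds, the 0.01-degree grid standing in for the 1 km x 1 km areas, and the sample episodes are assumptions constructed for illustration.

```python
import math
from collections import Counter, defaultdict

# Assumed weights per data flow type and assumed colour thresholds.
SCORES = {"counterfeit_euro": 1, "tampered_atm": 3, "unauthorized_pos": 2}
RED, YELLOW = 8, 4

# Constructed sample episodes: (flow type, latitude, longitude).
EPISODES = (
    [("tampered_atm", 41.9012, 12.4965), ("tampered_atm", 41.9055, 12.4921),
     ("unauthorized_pos", 41.9031, 12.4988), ("counterfeit_euro", 41.9078, 12.4903)]
    + [("counterfeit_euro", 45.4641, 9.1902)] * 5
    + [("unauthorized_pos", 40.8520, 14.2681)]
)

def cell(lat, lon):
    """Grid cell id; 0.01 degree approximates the slide's 1 km x 1 km area."""
    return (math.floor(lat * 100), math.floor(lon * 100))

def aggregate(episodes):
    """Correlate the flows by location: count episodes of each type per cell."""
    per_cell = defaultdict(Counter)
    for kind, lat, lon in episodes:
        per_cell[cell(lat, lon)][kind] += 1
    return per_cell

def colour(counts):
    """Threshold mechanism over the weighted score of a cell."""
    score = sum(SCORES[kind] * n for kind, n in counts.items())
    if score >= RED:
        return "red"
    return "yellow" if score >= YELLOW else "green"

def entropy(counts):
    """Shannon entropy (bits) of the crime-type mix; 0 when only one type occurs."""
    total = sum(counts.values())
    return sum(-(n / total) * math.log2(n / total) for n in counts.values()) + 0.0

def hot_areas(episodes):
    """Map each cell to (colour, entropy) so both views can be compared."""
    return {c: (colour(k), entropy(k)) for c, k in aggregate(episodes).items()}

if __name__ == "__main__":
    for area, (col, ent) in hot_areas(EPISODES).items():
        print(area, col, f"{ent:.2f} bits")
```

A cell can be yellow on volume alone with zero entropy (one crime type repeated), which is why the slide treats the two measures as separate correlations.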