hybrid_threats.pdf

  1. HYBRID THREATS. On the interleaving of the physical and cyberphysical world. David Arroyo Guardeño, Tenured Scientist
  2-3. From the digital era to the data era
  4-5. Data lifecycle: creation, capture, synthesis, aggregation, storage, security, access, analyse, archive, purge, share
  6. Our daily activities are organized around ICT...
  7. ...so we should take care of ICT
  8-13. Information is valuable in itself...
    - Who can access information?
    - What can she do with the information?
    - How long should she have access to information?
    - How can she access information?
    - When can a source of information be considered trusted?
  14. IS: Confidentiality, Integrity, Availability
  15-17. Cryptography: SYMMETRIC (secret key) and ASYMMETRIC (public key)
  18-19. Symmetric cryptography (e.g., AES): both parties encrypt and decrypt with the same secret session key (diagram); slide 19 leaves the key itself as an open question: how do the two parties come to share it?
  20-24. Asymmetric cryptography (e.g., RSA): each party holds a public/private key pair (diagram sequence)
  25-28. Asymmetric cryptography: (session) key exchange (diagram sequence)
  29-32. Conventional digital signature (diagram sequence, ending with the verifier's equality check)
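Slides 18 to 32 show the three mechanisms only as diagrams. The Go program below, added here as an illustration and not part of the original slide deck, puts them together the way a message actually crosses a channel: AES-256-GCM under a fresh session key protects the data, RSA-OAEP under the recipient's public key protects the session key, and an Ed25519 signature by the sender covers the whole envelope. The type and function names (Envelope, Seal, Open, GenerateKeys), the OAEP label, the length-prefixed serialisation and the sample message are assumptions made for the example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Envelope is what crosses the channel. The signature covers every other
// field, so neither the wrapped key nor the ciphertext can be swapped unnoticed.
type Envelope struct {
	WrappedKey []byte // RSA-OAEP(recipient's public key, session key)
	Nonce      []byte // AES-GCM nonce, fresh for every message
	Ciphertext []byte // AES-256-GCM(session key, plaintext), tag appended
	Signature  []byte // Ed25519(sender's private key, payload(env))
}

var oaepLabel = []byte("demo/session-key") // assumed constant; ties the wrapped key to its purpose
// payload serialises the signed fields with 4-byte length prefixes so that
// moving bytes between fields cannot produce the same signed message.
func payload(e *Envelope) []byte {
	var out []byte
	for _, part := range [][]byte{e.WrappedKey, e.Nonce, e.Ciphertext} {
		n := len(part)
		out = append(append(out, byte(n>>24), byte(n>>16), byte(n>>8), byte(n)), part...)
	}
	return out
}

func gcmFor(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// GenerateKeys: the recipient's RSA pair (key wrapping) and the sender's Ed25519 pair (signing).
func GenerateKeys() (*rsa.PrivateKey, ed25519.PublicKey, ed25519.PrivateKey, error) {
	recipient, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, nil, nil, err
	}
	senderPub, senderPriv, err := ed25519.GenerateKey(rand.Reader)
	return recipient, senderPub, senderPriv, err
}

// Seal: a fresh session key protects the data (slides 18-19), the recipient's
// public key protects the session key (25-28), the sender's private key signs it all (29-32).
func Seal(plaintext []byte, recipientPub *rsa.PublicKey, senderPriv ed25519.PrivateKey) (*Envelope, error) {
	fresh := make([]byte, 32+12) // 32-byte AES-256 key followed by a 12-byte GCM nonce
	if _, err := rand.Read(fresh); err != nil {
		return nil, err
	}
	sessionKey, nonce := fresh[:32], fresh[32:]
	gcm, err := gcmFor(sessionKey)
	if err != nil {
		return nil, err
	}
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, recipientPub, sessionKey, oaepLabel)
	if err != nil {
		return nil, err
	}
	env := &Envelope{WrappedKey: wrapped, Nonce: nonce, Ciphertext: gcm.Seal(nil, nonce, plaintext, nil)}
	env.Signature = ed25519.Sign(senderPriv, payload(env))
	return env, nil
}

// Open verifies the signature before touching the ciphertext: an envelope that
// is not provably from the expected sender is never decrypted.
func Open(env *Envelope, recipientPriv *rsa.PrivateKey, senderPub ed25519.PublicKey) ([]byte, error) {
	if !ed25519.Verify(senderPub, payload(env), env.Signature) {
		return nil, fmt.Errorf("signature does not verify under the expected sender key")
	}
	sessionKey, err := rsa.DecryptOAEP(sha256.New(), nil, recipientPriv, env.WrappedKey, oaepLabel)
	if err != nil {
		return nil, fmt.Errorf("unwrap session key: %w", err)
	}
	gcm, err := gcmFor(sessionKey)
	if err != nil {
		return nil, err
	}
	plaintext, err := gcm.Open(nil, env.Nonce, env.Ciphertext, nil)
	if err != nil {
		return nil, fmt.Errorf("decrypt: %w", err) // GCM tag mismatch: ciphertext was modified
	}
	return plaintext, nil
}

func main() {
	recipient, senderPub, senderPriv, _ := GenerateKeys()
	env, _ := Seal([]byte("constructed sample message"), &recipient.PublicKey, senderPriv)
	plaintext, err := Open(env, recipient, senderPub)
	fmt.Printf("recovered %q, err=%v\n", plaintext, err)
}
```

Verification comes before decryption on purpose: the recipient's private key is only ever applied to a wrapped key that the expected sender signed, so a forged or tampered envelope never reaches RSA or AES, and the signature covers the wrapped key, nonce and ciphertext together rather than the ciphertext alone. RSA key transport is used because the slides name RSA; current designs such as TLS 1.3 and HPKE derive the session key from an ephemeral Diffie-Hellman exchange instead, which adds forward secrecy.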
  33-35. Who guarantees the public key is not fake? The X.509 standard (certificates binding an identity to a public key)
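Slides 33 to 35 ask who vouches for a public key and answer with X.509. The Go program below, added as an example and not taken from the slides, plays both roles with the standard library: a root authority issues a certificate binding a name to an Ed25519 public key, and a verifier that trusts only that root rejects a certificate for the same name issued by an attacker's own authority, as well as a genuine certificate that names someone else. Authority, Issue, TrustedKeyFor, the subject names and the validity period are assumptions made for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// Authority is a certification authority: a signing key and its self-signed root certificate.
type Authority struct {
	Root *x509.Certificate
	priv ed25519.PrivateKey
}

// template fills the fields every certificate in this demo needs; serial number
// and validity period are assumed values, not taken from the slides.
func template(name string, isCA bool) *x509.Certificate {
	now := time.Now()
	t := &x509.Certificate{
		SerialNumber:          big.NewInt(now.UnixNano()),
		Subject:               pkix.Name{CommonName: name},
		NotBefore:             now.Add(-time.Minute),
		NotAfter:              now.Add(24 * time.Hour),
		BasicConstraintsValid: true,
		IsCA:                  isCA,
		KeyUsage:              x509.KeyUsageDigitalSignature,
	}
	if isCA {
		t.KeyUsage |= x509.KeyUsageCertSign
	}
	return t
}

// NewAuthority creates a root CA whose certificate it signs with its own key.
func NewAuthority(name string) (*Authority, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := template(name, true)
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	if err != nil {
		return nil, err
	}
	root, err := x509.ParseCertificate(der)
	if err != nil {
		return nil, err
	}
	return &Authority{Root: root, priv: priv}, nil
}

// Issue binds subjectName to subjectPub under the authority's signature. This is
// the step that answers "who guarantees the public key is not fake?": the CA does.
func (a *Authority) Issue(subjectName string, subjectPub ed25519.PublicKey) (*x509.Certificate, error) {
	der, err := x509.CreateCertificate(rand.Reader, template(subjectName, false), a.Root, subjectPub, a.priv)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// TrustedKeyFor is the verifier's side: accept a public key for name only if the
// presented certificate chains to a trusted root and actually names that subject.
func TrustedKeyFor(cert *x509.Certificate, name string, roots *x509.CertPool) (ed25519.PublicKey, error) {
	opts := x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}}
	if _, err := cert.Verify(opts); err != nil {
		return nil, fmt.Errorf("untrusted certificate: %w", err)
	}
	if cert.Subject.CommonName != name {
		return nil, fmt.Errorf("certificate names %q, expected %q", cert.Subject.CommonName, name)
	}
	pub, ok := cert.PublicKey.(ed25519.PublicKey)
	if !ok {
		return nil, fmt.Errorf("unexpected public key type %T", cert.PublicKey)
	}
	return pub, nil
}

func main() {
	ca, _ := NewAuthority("Demo Root CA")
	roots := x509.NewCertPool()
	roots.AddCert(ca.Root)
	alicePub, _, _ := ed25519.GenerateKey(rand.Reader)
	aliceCert, _ := ca.Issue("alice", alicePub)
	key, err := TrustedKeyFor(aliceCert, "alice", roots)
	fmt.Println("alice's key trusted:", err == nil && key.Equal(alicePub))
	fake, _ := NewAuthority("Fake Root CA") // an attacker's own "CA"
	malloryPub, _, _ := ed25519.GenerateKey(rand.Reader)
	fakeCert, _ := fake.Issue("alice", malloryPub) // claims to be alice
	_, err = TrustedKeyFor(fakeCert, "alice", roots)
	fmt.Println("fake certificate rejected:", err != nil)
}
```

The verifier never takes the key inside a certificate at face value: trust flows only from the root it already holds, which is the trust centralization the next slide names. A real deployment adds what this example leaves out, notably revocation checking and hostname or identity matching on subject alternative names rather than the common name.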
  36. Trust centralization
  37-40. Digital identity: something you know (password), something you have, something you are
  41. http://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/
  42-44. Call for integral solutions
    - Have I been pwned? Check if you have an account that has been compromised in a data breach
    - 'Worse Than KRACK' – Google And Microsoft Hit By Massive 5-Year-Old Encryption Hole
    - Vietnamese researcher shows iPhone X face ID 'hack'
    - Japan researchers warn of fingerprint theft from 'peace' sign
    - Hacker fakes German minister's fingerprints using photos of her hands
    - Side channel attacks: eavesdropping attacks on computer displays; acoustic side-channel attacks on printers
    Coherence and congruence between business goals, legal/normative requirements and technology
  45. The Spanish National Research Council (CSIC) is the largest public research organisation in Spain, the fourth largest in Europe and the seventh largest in the world. Its mission is to promote, coordinate, develop and disseminate scientific and technological multidisciplinary research, in order to contribute to the progress of knowledge and economic, social and cultural development. Research at CSIC is structured into three Global Areas (Society, Life and Materia), covering all disciplines of human knowledge, and is carried out in its 123 research centres distributed throughout Spain.
    [Infographic, CSIC in figures: HR (11,046 staff in total: 3,696 scientists, 1,383 researchers in training, 4,700 support/technician, 1,267 management/administration); scientific output (14,866 indexed articles, 587 non-indexed articles, 880 book chapters, 216 books, 651 theses); 62 ongoing ERC projects amounting to €105.8 M (16 advanced grants €31.8 M, 19 starting grants €23.9 M, 21 consolidator grants €38.2 M, 3 synergy grants €11.5 M, 3 proof of concept €0.4 M); economic data (income €763.19 M: €468.6 M Spanish State, €292.95 M competitive, €1.64 M ESF/ERDF; expenses €709.67 M: €495.7 M staff, €147.83 M other expenditure, €66.14 M investment); training (397 TFG, 604 TFM, 651 theses, 250 JAE Intro, 32 JAE Intro SOMdM, 79 JAE Intro ICU); knowledge transfer (1,593 contracts and agreements, €26 M); national funding programmes (3,543 projects, €576.18 M); international funding programmes (532 framework programme projects, €267.74 M; 132 non-framework programme projects, €25.33 M; 88 other international projects, €13.20 M)]
  46. Sara Degli Esposti and Carles Sierra (2020). White Paper on Artificial Intelligence, Robotics and Data Science. Tech. rep.
  47. CS: Cryptography, Information theory, Statistics, Operating systems and networks, Software engineering, Systems control, Electronics, Artificial intelligence
  48-52. Smart cybersecurity: key challenging points
    1. Fighting Misinformation About Science
    2. Imposing Security-by-Default Along the Computing System by Leveraging AI
    3. Creating a Formal Model for Adversarial Machine Learning
    4. Safeguarding Privacy in the Era of Big Data and AI
  53-54. Trust in the trustworthy: an interdisciplinary view of the role of control, accountability, and digital surveillance in building trust relationships
  55. Hybrid threats framework
    - Hybrid threats (state or non-state actors)
    - Vulnerability to hybrid threats (target's critical functions)
    - Threat analysis, detection, deterrence
    - Self-assessment, preparedness, resilience
    - Situational awareness; comprehensive security
    - Integrated national response (whole-of-society approach)
    - Integrated international response (EU-NATO cooperation)
  56. LSU-ICT-02-2020: Building blocks for resilience in evolving ICT systems
  57-58. Comprehensive (BLT) security solutions, otherwise...
    - Have I been pwned? Check if you have an account that has been compromised in a data breach
    - 'Worse Than KRACK' – Google And Microsoft Hit By Massive 5-Year-Old Encryption Hole
    - Vietnamese researcher shows iPhone X face ID 'hack'
    - Side channel attacks: Tom Van Goethem et al. (2020). "Timeless timing attacks: Exploiting concurrency to leak secrets over remote connections". In: 29th USENIX Security Symposium (USENIX Security 20), pp. 1985–2002
    Call for a proper Business, Law, and Technology (BLT) approach
  59-64. Security engineering framework (diagram, one element highlighted per slide): Requirements; Context evaluation; Attack model; Implementation (standards, protocols, primitives); Procedural analysis (computational model, formal model); Communication channel model
  65. Yingzhe He et al. (2019). "Towards privacy and security of deep learning systems: a survey". arXiv e-prints, arXiv:1911
  66. Adversarially Robust AI Solutions For Cybersecurity Management. Supporting Cyberinsurance from a Behavioural Choice Perspective (CYBECO):
    1. Provide new methods for incorporating the nature of adversarial actions in risk calculations for cybersecurity and cyberinsurance: countering the lack of attack data through SEJ, better-founded risk management approaches in cybersecurity (beyond risk matrices), and an integrated framework for deciding cybersecurity investments.
    2. Implement key aspects of the model and incorporate behavioural cyber security findings.
    3. A more rigorous framework for deciding cybersecurity investments and the identification of cybersecurity nudges.
  67. Data acquisition: monitoring; as a byproduct of another activity; transfer of pre-existing information
  68-71. What is that thing called identity? Identification, Linkability, Traceability
  72. eIDAS (electronic IDentification, Authentication and trust Services); Markets in Crypto-Assets (MiCA) regulation; the Digital Markets Act (DMA)
  73-81. Linkability (diagram sequence; slides 80-81 ask whether two observed items are related)
  82-88. Traceability (diagram sequence)
  89-96. Conventional digital signatures are publicly verifiable and transferable. Other signature properties and where they matter: deniability (e-voting, e-coin); linkability (fairness in anonymous communications); traceability (promotions in privacy-respectful e-commerce)
  97. THANKS!!! https://dargcsic.github.io/
  98. Some references
    - Degli Esposti, Sara and Carles Sierra (2020). White Paper on Artificial Intelligence, Robotics and Data Science. Tech. rep.
    - He, Yingzhe, Guozhu Meng, Kai Chen, Xingbo Hu, and Jinwen He (2019). "Towards privacy and security of deep learning systems: a survey". arXiv e-prints, arXiv:1911.
    - Van Goethem, Tom, Christina Pöpper, Wouter Joosen, and Mathy Vanhoef (2020). "Timeless timing attacks: Exploiting concurrency to leak secrets over remote connections". In: 29th USENIX Security Symposium (USENIX Security 20), pp. 1985–2002.
