Cyber Security
Solutions from
Tekes Safety and Security Programme
Total IT Asset Data Erasure
User need
 A secure, ethical, fast and convenient solution
for the complete erasing of digital data

Solution
 100% data erasure for all IT assets
 Cannot be recovered with any existing
technology
 Most comprehensive certification in the industry
 PC, mobile, file, server, data center and virtual
solutions
 Reports generated for every erasure

Benefits
 Increased data security, improved regulatory compliance
 Reduced costs through more efficient IT asset
administration

Users
 Banking and finance and defense industries
 Government organizations
 IT Asset Disposal professionals
www.blancco.com

Blancco has Certifications and Approvals
from eg.:
- Common Criteria (ISO 15408)
- Communications-Electronics Security
Group
- BSI - Federal Office for Information
Security
- NATO
- TÜV – SÜD
- The Norwegian National Security
Authority
- The USA Department of Defense
Flexible and Secure Authentication
User need
 Authentication to Internet services cries for radical
improvement : it is cumbersome and unreliable

Solution
 An authentication solution that integrates with the
current end-user devices and services

Benefits
 Provides usability, security and privacy for all users
of Internet services
 Solves the shortcomings of competing alternatives
in usability, security, and deployment
 Partners onboard have a unique chance to take
advantage of the inexorable paradigm shift of
authentication to Internet services

Users
 All end-users that use Internet services

www.cwc.oulu.fi / Jani Pellikka, jpellikk@ee.oulu.fi
Fuzz-o-Matic: Testing-as-a-Service for
Application Security and Robustness
Need
 Discovering dependencies on third-party libraries and applications
 Ensuring that used applications do exactly what they’re supposed to do
 Robustness test your applications and ensure their safety

Approach
 Fuzz-o-Matic is a scalable testing-as-a-service offering
 Scans the existing open source binaries, and then fuzz-tests all potential
interfaces
 Supports Windows, Linux, Android and iOS applications

Benefits
 Reliable and repeatable test results, find the existing vulnerabilities in the
Open Source libraries
 Quality Assurance

Competition
 Some competitors have similar services for known vulnerabilities

Users
 Software and hardware companies, web service providers

www.codenomicon.com
Secure Your Mass Memory Devices
User need
 Protect data on various mass memory devices as
well as in could

Solution
 Protect a confidential document by encrypting it
and removing small random parts of it to another
location

Benefits
 Easy to use, high level of protection
 Guarantee data integrity and allowing document
tracking

Users
 Small and larger corporations, government
agencies, etc.

http://www.envaultcorp.com/

A simple but brilliant idea: Protect a
confidential document by first encrypting it
and then removing small random parts of it
to another location.
Insertion and Detection of Data in
Portrait Images
Need

 Increase the security of card holder´s image by various digital means, based
on visible and invisible markings (watermarking, guilloches, image hashing)
 The security need arises from increased international crime such as
terrorism, and human and drug trafficking. Technically the need for this type of
solutions arises from two trends: growing ratio of ID and travel documents
being equipped with micro-processor chips; and more widely spread reader
infrastructure for document authentication at borders and by police

Approach

 Define and build a demonstrator
system, including personalization
machine, software solution, and a
product that can be manufactured and
personalized in an industrial manner

Benefits

 Higher security of ID products
 Machine-readability of the security
features

Users

 Governments issuing identity products
www.gemalto.com
Information Security Investments
User need
 Today, a widely recognized need for improving the success of
security related investment proposals within the organizations;
how to get more resources for information security (IS)
investments from the company management

Solution
 A risk management tool for measuring the value of IS investments
 Theoretical models, based on empirically testing, for explaining
and predicting investment decisions

Benefits
 Understanding the weaknesses of the current IS investment
decisions, and persuasion methods for gaining resources for IS
investments from the management

Competition
 The existing research on information security investments is not
empirically proved to work in practice

Users
 Information security managers and other employees involved in
the IS decision making within the organizations
www.oulu.fi/english
Business-Oriented Identity and Access
Management

User need

 To securely register users into e-services such as extranets and
e-shops
 Identity enrichment with attributes, entitlements and mandates
are needed for e-services to be productive and smooth

Solution
 Business-oriented approach to identity and access
management
 The solution covers stakeholder services including identity
registration and delegated management, together with
extensive authentication and identity federation, identity
enrichment, role management and e-mandates

Benefits
 Security along with efficiency and smoothness for customer eservices
 Savings of 40€ per registration plus 20€ per transaction and
session

Users
 Nordic and European companies
www.ubisecure.com
Role-centric Identity
Need
 Organisations have a crucial need for identity
control: Managing large complexities in a continuous
changes

Approach
 A set of innovative and modular security
components and processes to enhance role
management within the infrastructure identity level
and provide innovative role functionalities

Benefits
 Improved capacity to implement and deploy identity
and security mechanisms and solutions  Stronger
competitive position of European industry in the
selected sectors

Users
 Healthcare and public safety organisations using
networks for their business or administration

www.roleid.org
Storage Broker for Multi-Cloud
Environments
User need
 Predictable cloud storage for data, accessible at any place with any
device
 Minimized risks, compliance with laws and regulations
 Comparability of cloud providers

Solution





Multi-cloud storage broker
Cloud vendor benchmarking, user defined Service Level Agreement
Value-adding security services as impartial third party
The methods apply practices used in clean production in the high-tech
industries

Benefits
 Lesser data lock-in and cost of switching cloud providers
 Saving through supported decisions and risk management

Users
 Any large user of cloud services

www.helsinki.fi
Future Information Security Trends
User need
 Anticipate information security related risks and
opportunities to appear within 5 – 10 years in Finland

Solution
 A report and a proposal for an on-going trend discovery
process

Benefits
 The results will be public and available for all interested
parties

Users
 All kinds of Finnish organizations

http://magnet.erve.vtt.fi/kasi
Modern Network and Application
Information Security Perception
User need
 Network managers require ability to prevent and
detect information security incidents (malware,
DoS attacks, etc.)
 Current solutions provide limited functions, able
to usually detect but not effectively prevent.
 Complexity quickly and changing nature of
network environment are problems

Solution
 More efficient methods are required for
successful monitoring of networks and
applications
 Different statistical approaches were researched

Benefits
 Improved network security monitoring

Users
 Any network administrator with security
requirements
www.vtt.fi
Information Security in Industrial
Control Systems
User need
 Plants to gain proper control of security situation

Solution





Security requirement base for plant ICS
Concept and procedure for site ICS security mapping
Site specific results of overall ICS security mapping
Initial plan for ICS security improvement programs

Benefits
 Support the continuation of the core production &
prevent information security incidents in automation
intensive production

Users
 Industrial production sites, plants, headquarters

www.vtt.fi

Identifying the current major ICS (Industrial
Control System) security & continuity gaps
and bottlenecks of industrial sites.
Safety-Critical Software in Machinery
"Bug" control

Need
 Faults in a machine program can cause
severe hazards especially when program
size increases

Fault forecasting

Fault
prevention

Solution
 Ideas for software development model and
criteria for selecting methods according to
the case criticality and developer needs

Fault tolerance

Fault removal

Benefits
 Well-defined and yet flexible development
process means typically lower design costs
 Safety under control means less accidents,
better product confidence and
peace of mind for designers

Users
 Machine builders, software developers

www.vtt.fi

Methods for defect or “bug” control
can be divided into four different
categories
Information Security Testing
User Need
 Adequate information security level under continuously
evolving threatscape

Solution
 Novel security testing and network monitoring solutions
→ these include fuzz- and model based testing tools, as
well as test case selection and anomaly detection
methods

Benefits
 Integrity, confidentiality and availability of information,
services and data is maintained at acceptable level

Users
 Software and embedded system vendors and operators
in different fields
 Any party striving to improve information security level
of their products or infrastructure

www.itea2-diamonds.org
Know Which Websites To Trust
User need

 Make informed decisions whether to visit a website or not,
especially when visiting unknown sites
 Decisions are made based on website reputation and user
reviews made by millions of users worldwide

Solution

 A crowdsourced service which enables every user to rate and
review a website based on their own experiences These
ratings and reviews help other users to make informed
decisions whether to trust a site or not
 WOT has developed an innovative algorithm that makes the
system reliable and difficult to manipulate

Benefits

 Free and easy to use service which provides traffic-light style
icons (indicating website reputation) next to search results,
social networking sites, online emails and other popular sites

Competition

 WOT is a unique concept with no direct competitors
worldwide. WOT currently co-operates with major internet
players such as Facebook and Mail.ru

Users

 All interested Internet users, currently over 80 million
downloads and over 42 million rated websites
www.mywot.com

The WOT add-on shows you which websites
you can trust based on millions of users'
experiences.
The WOT safe surfing browser tool is easy-touse, fast and completely free.

Cyber Tekes Safety and Security programme 2013

  • 1.
    Cyber Security Solutions from TekesSafety and Security Programme
  • 2.
    Total IT AssetData Erasure User need  A secure, ethical, fast and convenient solution for the complete erasing of digital data Solution  100% data erasure for all IT assets  Cannot be recovered with any existing technology  Most comprehensive certification in the industry  PC, mobile, file, server, data center and virtual solutions  Reports generated for every erasure Benefits  Increased data security, improved regulatory compliance  Reduced costs through more efficient IT asset administration Users  Banking and finance and defense industries  Government organizations  IT Asset Disposal professionals www.blancco.com Blancco has Certifications and Approvals from eg.: - Common Criteria (ISO 15408) - Communications-Electronics Security Group - BSI - Federal Office for Information Security - NATO - TÜV – SÜD - The Norwegian National Security Authority - The USA Department of Defense
  • 3.
    Flexible and SecureAuthentication User need  Authentication to Internet services cries for radical improvement : it is cumbersome and unreliable Solution  An authentication solution that integrates with the current end-user devices and services Benefits  Provides usability, security and privacy for all users of Internet services  Solves the shortcomings of competing alternatives in usability, security, and deployment  Partners onboard have a unique chance to take advantage of the inexorable paradigm shift of authentication to Internet services Users  All end-users that use Internet services www.cwc.oulu.fi / Jani Pellikka, jpellikk@ee.oulu.fi
  • 4.
    Fuzz-o-Matic: Testing-as-a-Service for ApplicationSecurity and Robustness Need  Discovering dependencies on third-party libraries and applications  Ensuring that used applications do exactly what they’re supposed to do  Robustness test your applications and ensure their safety Approach  Fuzz-o-Matic is a scalable testing-as-a-service offering  Scans the existing open source binaries, and then fuzz-tests all potential interfaces  Supports Windows, Linux, Android and iOS applications Benefits  Reliable and repeatable test results, find the existing vulnerabilities in the Open Source libraries  Quality Assurance Competition  Some competitors have similar services for known vulnerabilities Users  Software and hardware companies, web service providers www.codenomicon.com
  • 5.
    Secure Your MassMemory Devices User need  Protect data on various mass memory devices as well as in could Solution  Protect a confidential document by encrypting it and removing small random parts of it to another location Benefits  Easy to use, high level of protection  Guarantee data integrity and allowing document tracking Users  Small and larger corporations, government agencies, etc. http://www.envaultcorp.com/ A simple but brilliant idea: Protect a confidential document by first encrypting it and then removing small random parts of it to another location.
  • 6.
    Insertion and Detectionof Data in Portrait Images Need  Increase the security of card holder´s image by various digital means, based on visible and invisible markings (watermarking, guilloches, image hashing)  The security need arises from increased international crime such as terrorism, and human and drug trafficking. Technically the need for this type of solutions arises from two trends: growing ratio of ID and travel documents being equipped with micro-processor chips; and more widely spread reader infrastructure for document authentication at borders and by police Approach  Define and build a demonstrator system, including personalization machine, software solution, and a product that can be manufactured and personalized in an industrial manner Benefits  Higher security of ID products  Machine-readability of the security features Users  Governments issuing identity products www.gemalto.com
  • 7.
    Information Security Investments Userneed  Today, a widely recognized need for improving the success of security related investment proposals within the organizations; how to get more resources for information security (IS) investments from the company management Solution  A risk management tool for measuring the value of IS investments  Theoretical models, based on empirically testing, for explaining and predicting investment decisions Benefits  Understanding the weaknesses of the current IS investment decisions, and persuasion methods for gaining resources for IS investments from the management Competition  The existing research on information security investments is not empirically proved to work in practice Users  Information security managers and other employees involved in the IS decision making within the organizations www.oulu.fi/english
  • 8.
    Business-Oriented Identity andAccess Management User need  To securely register users into e-services such as extranets and e-shops  Identity enrichment with attributes, entitlements and mandates are needed for e-services to be productive and smooth Solution  Business-oriented approach to identity and access management  The solution covers stakeholder services including identity registration and delegated management, together with extensive authentication and identity federation, identity enrichment, role management and e-mandates Benefits  Security along with efficiency and smoothness for customer eservices  Savings of 40€ per registration plus 20€ per transaction and session Users  Nordic and European companies www.ubisecure.com
  • 9.
    Role-centric Identity Need  Organisationshave a crucial need for identity control: Managing large complexities in a continuous changes Approach  A set of innovative and modular security components and processes to enhance role management within the infrastructure identity level and provide innovative role functionalities Benefits  Improved capacity to implement and deploy identity and security mechanisms and solutions  Stronger competitive position of European industry in the selected sectors Users  Healthcare and public safety organisations using networks for their business or administration www.roleid.org
  • 10.
    Storage Broker forMulti-Cloud Environments User need  Predictable cloud storage for data, accessible at any place with any device  Minimized risks, compliance with laws and regulations  Comparability of cloud providers Solution     Multi-cloud storage broker Cloud vendor benchmarking, user defined Service Level Agreement Value-adding security services as impartial third party The methods apply practices used in clean production in the high-tech industries Benefits  Lesser data lock-in and cost of switching cloud providers  Saving through supported decisions and risk management Users  Any large user of cloud services www.helsinki.fi
  • 11.
    Future Information SecurityTrends User need  Anticipate information security related risks and opportunities to appear within 5 – 10 years in Finland Solution  A report and a proposal for an on-going trend discovery process Benefits  The results will be public and available for all interested parties Users  All kinds of Finnish organizations http://magnet.erve.vtt.fi/kasi
  • 12.
    Modern Network andApplication Information Security Perception User need  Network managers require ability to prevent and detect information security incidents (malware, DoS attacks, etc.)  Current solutions provide limited functions, able to usually detect but not effectively prevent.  Complexity quickly and changing nature of network environment are problems Solution  More efficient methods are required for successful monitoring of networks and applications  Different statistical approaches were researched Benefits  Improved network security monitoring Users  Any network administrator with security requirements www.vtt.fi
  • 13.
    Information Security inIndustrial Control Systems User need  Plants to gain proper control of security situation Solution     Security requirement base for plant ICS Concept and procedure for site ICS security mapping Site specific results of overall ICS security mapping Initial plan for ICS security improvement programs Benefits  Support the continuation of the core production & prevent information security incidents in automation intensive production Users  Industrial production sites, plants, headquarters www.vtt.fi Identifying the current major ICS (Industrial Control System) security & continuity gaps and bottlenecks of industrial sites.
  • 14.
    Safety-Critical Software inMachinery "Bug" control Need  Faults in a machine program can cause severe hazards especially when program size increases Fault forecasting Fault prevention Solution  Ideas for software development model and criteria for selecting methods according to the case criticality and developer needs Fault tolerance Fault removal Benefits  Well-defined and yet flexible development process means typically lower design costs  Safety under control means less accidents, better product confidence and peace of mind for designers Users  Machine builders, software developers www.vtt.fi Methods for defect or “bug” control can be divided into four different categories
  • 15.
    Information Security Testing UserNeed  Adequate information security level under continuously evolving threatscape Solution  Novel security testing and network monitoring solutions → these include fuzz- and model based testing tools, as well as test case selection and anomaly detection methods Benefits  Integrity, confidentiality and availability of information, services and data is maintained at acceptable level Users  Software and embedded system vendors and operators in different fields  Any party striving to improve information security level of their products or infrastructure www.itea2-diamonds.org
  • 16.
    Know Which WebsitesTo Trust User need  Make informed decisions whether to visit a website or not, especially when visiting unknown sites  Decisions are made based on website reputation and user reviews made by millions of users worldwide Solution  A crowdsourced service which enables every user to rate and review a website based on their own experiences These ratings and reviews help other users to make informed decisions whether to trust a site or not  WOT has developed an innovative algorithm that makes the system reliable and difficult to manipulate Benefits  Free and easy to use service which provides traffic-light style icons (indicating website reputation) next to search results, social networking sites, online emails and other popular sites Competition  WOT is a unique concept with no direct competitors worldwide. WOT currently co-operates with major internet players such as Facebook and Mail.ru Users  All interested Internet users, currently over 80 million downloads and over 42 million rated websites www.mywot.com The WOT add-on shows you which websites you can trust based on millions of users' experiences. The WOT safe surfing browser tool is easy-touse, fast and completely free.