The document describes several cyber security solutions from Tekes Safety and Security Programme. The first solution discussed is a total IT asset data erasure solution that can completely erase digital data from all IT assets such that the data cannot be recovered with any existing technology. The solution has the most comprehensive certification in the industry. The second solution discussed is a flexible and secure authentication solution that aims to improve authentication for internet services. The third solution is a testing-as-a-service called Fuzz-o-Matic that can test applications for vulnerabilities and ensure their safety.

1. Cyber Security
Solutions from
Tekes Safety and Security Programme

2. Total IT Asset Data Erasure
User need
 A secure, ethical, fast and convenient solution
for the complete erasing of digital data
Solution
 100% data erasure for all IT assets
 Cannot be recovered with any existing
technology
 Most comprehensive certification in the industry
 PC, mobile, file, server, data center and virtual
solutions
 Reports generated for every erasure
Benefits
 Increased data security, improved regulatory compliance
 Reduced costs through more efficient IT asset
administration
Users
 Banking and finance and defense industries
 Government organizations
 IT Asset Disposal professionals
www.blancco.com
Blancco has Certifications and Approvals
from eg.:
- Common Criteria (ISO 15408)
- Communications-Electronics Security
Group
- BSI - Federal Office for Information
Security
- NATO
- TÜV – SÜD
- The Norwegian National Security
Authority
- The USA Department of Defense

3. Flexible and Secure Authentication
User need
 Authentication to Internet services cries for radical
improvement : it is cumbersome and unreliable
Solution
 An authentication solution that integrates with the
current end-user devices and services
Benefits
 Provides usability, security and privacy for all users
of Internet services
 Solves the shortcomings of competing alternatives
in usability, security, and deployment
 Partners onboard have a unique chance to take
advantage of the inexorable paradigm shift of
authentication to Internet services
Users
 All end-users that use Internet services
www.cwc.oulu.fi / Jani Pellikka, jpellikk@ee.oulu.fi

4. Fuzz-o-Matic: Testing-as-a-Service for
Application Security and Robustness
Need
 Discovering dependencies on third-party libraries and applications
 Ensuring that used applications do exactly what they’re supposed to do
 Robustness test your applications and ensure their safety
Approach
 Fuzz-o-Matic is a scalable testing-as-a-service offering
 Scans the existing open source binaries, and then fuzz-tests all potential
interfaces
 Supports Windows, Linux, Android and iOS applications
Benefits
 Reliable and repeatable test results, find the existing vulnerabilities in the
Open Source libraries
 Quality Assurance
Competition
 Some competitors have similar services for known vulnerabilities
Users
 Software and hardware companies, web service providers
www.codenomicon.com

5. Secure Your Mass Memory Devices
User need
 Protect data on various mass memory devices as
well as in could
Solution
 Protect a confidential document by encrypting it
and removing small random parts of it to another
location
Benefits
 Easy to use, high level of protection
 Guarantee data integrity and allowing document
tracking
Users
 Small and larger corporations, government
agencies, etc.
http://www.envaultcorp.com/
A simple but brilliant idea: Protect a
confidential document by first encrypting it
and then removing small random parts of it
to another location.

6. Insertion and Detection of Data in
Portrait Images
Need
 Increase the security of card holder´s image by various digital means, based
on visible and invisible markings (watermarking, guilloches, image hashing)
 The security need arises from increased international crime such as
terrorism, and human and drug trafficking. Technically the need for this type of
solutions arises from two trends: growing ratio of ID and travel documents
being equipped with micro-processor chips; and more widely spread reader
infrastructure for document authentication at borders and by police
Approach
 Define and build a demonstrator
system, including personalization
machine, software solution, and a
product that can be manufactured and
personalized in an industrial manner
Benefits
 Higher security of ID products
 Machine-readability of the security
features
Users
 Governments issuing identity products
www.gemalto.com

7. Information Security Investments
User need
 Today, a widely recognized need for improving the success of
security related investment proposals within the organizations;
how to get more resources for information security (IS)
investments from the company management
Solution
 A risk management tool for measuring the value of IS investments
 Theoretical models, based on empirically testing, for explaining
and predicting investment decisions
Benefits
 Understanding the weaknesses of the current IS investment
decisions, and persuasion methods for gaining resources for IS
investments from the management
Competition
 The existing research on information security investments is not
empirically proved to work in practice
Users
 Information security managers and other employees involved in
the IS decision making within the organizations
www.oulu.fi/english

8. Business-Oriented Identity and Access
Management
User need
 To securely register users into e-services such as extranets and
e-shops
 Identity enrichment with attributes, entitlements and mandates
are needed for e-services to be productive and smooth
Solution
 Business-oriented approach to identity and access
management
 The solution covers stakeholder services including identity
registration and delegated management, together with
extensive authentication and identity federation, identity
enrichment, role management and e-mandates
Benefits
 Security along with efficiency and smoothness for customer eservices
 Savings of 40€ per registration plus 20€ per transaction and
session
Users
 Nordic and European companies
www.ubisecure.com

9. Role-centric Identity
Need
 Organisations have a crucial need for identity
control: Managing large complexities in a continuous
changes
Approach
 A set of innovative and modular security
components and processes to enhance role
management within the infrastructure identity level
and provide innovative role functionalities
Benefits
 Improved capacity to implement and deploy identity
and security mechanisms and solutions  Stronger
competitive position of European industry in the
selected sectors
Users
 Healthcare and public safety organisations using
networks for their business or administration
www.roleid.org

10. Storage Broker for Multi-Cloud
Environments
User need
 Predictable cloud storage for data, accessible at any place with any
device
 Minimized risks, compliance with laws and regulations
 Comparability of cloud providers
Solution




Multi-cloud storage broker
Cloud vendor benchmarking, user defined Service Level Agreement
Value-adding security services as impartial third party
The methods apply practices used in clean production in the high-tech
industries
Benefits
 Lesser data lock-in and cost of switching cloud providers
 Saving through supported decisions and risk management
Users
 Any large user of cloud services
www.helsinki.fi

11. Future Information Security Trends
User need
 Anticipate information security related risks and
opportunities to appear within 5 – 10 years in Finland
Solution
 A report and a proposal for an on-going trend discovery
process
Benefits
 The results will be public and available for all interested
parties
Users
 All kinds of Finnish organizations
http://magnet.erve.vtt.fi/kasi

12. Modern Network and Application
Information Security Perception
User need
 Network managers require ability to prevent and
detect information security incidents (malware,
DoS attacks, etc.)
 Current solutions provide limited functions, able
to usually detect but not effectively prevent.
 Complexity quickly and changing nature of
network environment are problems
Solution
 More efficient methods are required for
successful monitoring of networks and
applications
 Different statistical approaches were researched
Benefits
 Improved network security monitoring
Users
 Any network administrator with security
requirements
www.vtt.fi

13. Information Security in Industrial
Control Systems
User need
 Plants to gain proper control of security situation
Solution




Security requirement base for plant ICS
Concept and procedure for site ICS security mapping
Site specific results of overall ICS security mapping
Initial plan for ICS security improvement programs
Benefits
 Support the continuation of the core production &
prevent information security incidents in automation
intensive production
Users
 Industrial production sites, plants, headquarters
www.vtt.fi
Identifying the current major ICS (Industrial
Control System) security & continuity gaps
and bottlenecks of industrial sites.

14. Safety-Critical Software in Machinery
"Bug" control
Need
 Faults in a machine program can cause
severe hazards especially when program
size increases
Fault forecasting
Fault
prevention
Solution
 Ideas for software development model and
criteria for selecting methods according to
the case criticality and developer needs
Fault tolerance
Fault removal
Benefits
 Well-defined and yet flexible development
process means typically lower design costs
 Safety under control means less accidents,
better product confidence and
peace of mind for designers
Users
 Machine builders, software developers
www.vtt.fi
Methods for defect or “bug” control
can be divided into four different
categories

15. Information Security Testing
User Need
 Adequate information security level under continuously
evolving threatscape
Solution
 Novel security testing and network monitoring solutions
→ these include fuzz- and model based testing tools, as
well as test case selection and anomaly detection
methods
Benefits
 Integrity, confidentiality and availability of information,
services and data is maintained at acceptable level
Users
 Software and embedded system vendors and operators
in different fields
 Any party striving to improve information security level
of their products or infrastructure
www.itea2-diamonds.org

16. Know Which Websites To Trust
User need
 Make informed decisions whether to visit a website or not,
especially when visiting unknown sites
 Decisions are made based on website reputation and user
reviews made by millions of users worldwide
Solution
 A crowdsourced service which enables every user to rate and
review a website based on their own experiences These
ratings and reviews help other users to make informed
decisions whether to trust a site or not
 WOT has developed an innovative algorithm that makes the
system reliable and difficult to manipulate
Benefits
 Free and easy to use service which provides traffic-light style
icons (indicating website reputation) next to search results,
social networking sites, online emails and other popular sites
Competition
 WOT is a unique concept with no direct competitors
worldwide. WOT currently co-operates with major internet
players such as Facebook and Mail.ru
Users
 All interested Internet users, currently over 80 million
downloads and over 42 million rated websites
www.mywot.com
The WOT add-on shows you which websites
you can trust based on millions of users'
experiences.
The WOT safe surfing browser tool is easy-touse, fast and completely free.