Protecting Digital Services
-
The role of Cyber Security District –
43rd TF-CSIRT Meeting Rome, September 19, 2014
Rocco Mammoliti, Poste Italiane
9/22/14
2
9/22/14
3
Cyber Security District - Cosenza
• Cyber Security District falls within the initiatives that the Italian Ministry for University and Research
(MIUR) has been promoting in the framework of National Operative Program – Research and Competitiveness 2007-2013.
Kick-off: 01/07/2013
Cyber District staff: around 200 people MIUR Funding: 30 mln€
Benefits
ü Setup of a centre of excellence in Cyber Security
ü Research and innovation applied to industrial needs
ü Development of Industrial Prototypes
ü Covering of costs and investments thanks to funding of research activities
ü Requalification of internal personnel
• Poste Italiane takes part to the District as the Leading Partner of
a group made up of Universities/ Research Bodies and other Industrial counterparts.
• A Privacy Service Center has been set up, with reference to a
nucleus of dedicated professionals, highly skilled and continuously trained which will act in full synergy with the operational activities of the CERT, with the aim to analyze, innovate and secure all the processes related to preserving customers’ privacy.
9/22/14
4
• Privacy preserving and end to end security in mobile landscape taking into account mobile malware, interactions
between mobile apps and other entities ( e.g. Server, other apps, etc), user behaviour
• Technical security standard and law compliance meta-standard
• Cyber security Risk Monitoring
• Knowledge discovery, security intelligence, predictive analysis
• Systemic Risks/ quantitative Risk Analysis
• Forensics Analysis
• Cryptoanalysis, Watermarking , Information Hiding
Cyber Security District - Cosenza
Phase 1:
• Realization of 3 Project Streams of Industrial Research (2013-2015):
• End User Protection – Personal Mobile Security
• Digital Service Protection, Cloud Security and Payment Services
• Secure dematerialization
• Specific professional training (18 months)
Phase 2:
ü Maintenance and consolidation of District activities (2016-2020)
Cyber Security District will be developed in two phases
9/22/14
5
MISSION
ECOSSIAN
• Development of a cross boarder European early warning system for critical infrastructures
• Three tier of collaborative, interconnected Secure Operation Centres (SOCs)
– Local/sub-state SOC
early detection and data collection with aggregation
– National SOC
Situational Awareness using aggregated and correlated data
– Transnational SOC with command and control capabilities with inclusion of
member state SOCs
Transnational Situational Awareness and coordinated and consistent crisis management
The mission of ECOSSIAN is to improve the detection and management of highly sophisticated cyber security incidents and attacks against critical infrastructures by implementing a pan-European early warning and situational awareness framework with command and control facilities.
EUROPEAN CONTROL SYSTEM SECURITY INCIDENT ANALYSIS NETWORK June 2014 à May 2017 // www.ecossian.eu //
9/22/14
6
https://www.distrettocybersecurity.it/ #CSDistrict
Francesco Buccafurri
University of Reggio Calabria (Italy) [email protected]
} A new lightwheight PRNG (SECRYPT 2014)
} A privacy-preserving solution for tracking
people in critical environments. (STPSA 2014)
} sketch on a vulnerability of PKCS#7-based
digital signature (SIN 2009)
} Next steps and Conclusions
A Novel Pseudo Random Number Generator
based on L'Ecuyer's scheme
by Francesco Buccafurri and Gianluca Lax (University of Reggio Calabria)
Proc. of the 11th International Conference on
Security and Cryptography (SECRYPT 2014),
Vienna, Austria, 28-30 August 2014.
}
Typically, PRNGs use cryptographic func=ons or one-‐
way func=ons with high computa=onal effort
}
In some situa=ons, computa=onal effort or power
consump=on is limited (mobile devices, token OTP,
wireless sensor networks, wireless devices, etc.)
}
We propose a lightweight RNG based on the classical
L’Ecuyer’s scheme relying on very simple func=ons
and easily implementable (also in hardware)
} The classical
L’Ecuyer’s scheme
consists of a tuple⟨ S, T, O, g, s0 ⟩:
• S is the finite state set
• T : S → S is the transi=on func=on
• O the output space
• g : S → O the output func=on
• s0 ∈ S the (ini=al) seed
} Set S of states:
◦ 1023-‐bit strings
} Transi2on func2on T:
◦ T(s) is obtained by reversing the string s and summing m (modulo
21023) – m is a posi=ve odd integer parameter
} Output func2on g:
◦ g(s)=CRC128(>>s) where >>s is obtained from s by circularly right
shiZing it as many =mes as the number of 1s occurring in it
}
Valida=on by the state-‐of-‐the-‐art sta=s=cal test suite
(NIST 800-‐22) -‐ 16 tests
The scheme is resistant to:
}
Period-‐based a\acks (the period is 2
1023)
}
CRC-‐linearity-‐based A\ack
}
Palindromic-‐based A\ack
}
Output-‐Observa=on-‐Based Brute Force A\acks
}
Theorem.
The amor)zed cost of the transi)on
func)on algorithm is
constant
in the number of bits
of the state.
}
As for CRC computa=on, it is speed up by means of a
pre-‐computed lookup table
}
Very easy hardware implementa=on
A Privacy-Preserving Solution for Tracking People in Critical Environments
by Francesco Buccafurri, Gianluca Lax, Serena Nicolazzo, and Antonino Nocera (University of Reggio Calabria)
Proc. of the 9th IEEE International Workshop on Security, Trust and Privacy for Software
Applications, Vasteras, Sweven, July
21--25, 2014, IEEE computer society.
} In critical environments we have the need of
controlling physical access and people’s localization.
} RFID-based solutions: effective, but often
intolerable for privacy reasons (also not compliant with law requirements).
} Open problem: Trade-off between
surveillance requirements and privacy rights
18
} RFID-based technique to generate logs (i.e.,
location traces) that allows us to (partially)
trace people but introducing a certain degree of uncertainty
} Logs fulfill a 𝑘-anonymity property: given an
instant of time 𝜏 and a person 𝑝, it is
possible to guess the location (with
adjustable approximation) of 𝑝 with a
probability 𝑘↑−1 , where 𝑘 represents a
privacy requirement.
}
Classical
k
-‐
anonymity
localiza2on
◦
changes or extends the exact user posi=ons in such
a way that
k
users are confused each other (not
effec=ve for in-‐door localiza=on)
}
Our approach
◦
returns, given a loca=on log, a number of
k
possible users located in this place, with no
detectable correla=on
} When a person enters a zone, the sensor associated with
this zone reads the identifier EPC (Electronic Product Code) of the RFID tag.
} sensors transforms the 96-bit EPC into a new ID colliding
with 𝑘 people.
} First EPC is mapped into [1..t] (where t is the number of
tags)
} Then, a random (distributed) permutation function RPF
operating [1, 𝑡] is used to mix tags in the set.
𝑅𝑃𝐹: ℤ↓𝑡↑∗ → ℤ↓𝑡↑∗ 𝑅𝑃𝐹(𝑖)= 𝑖∙ 𝑔 (𝒎𝒐𝒅 𝑡), for any 𝑔∈{1, …, 𝑡}
} Now, a hash function [1, 𝑡] à [1, 𝑑] is applied where 𝑑 ≤ 𝑡.
} Data are neither stored or sent through the
network, but they are elaborated by sensors and transformed to logs compliant to privacy requirements and, finally, sent to the server, which stores such logs.
} In 2008 we identified a possible attack on PKCS#7 digital
signature
} We called this attack Dalì attack, due to the ability of the famous
painter to depict double-image paints like «the image disappears»
} We did this with files
} This ambiguous presentation
is not detected by digital signature
} It suffices for the attacker to
change the name/extention
Ex: copyright.pdf.p7m à auth.tif.p7m
} A number of publications since 2008 (authors: Francesco Buccafurri, Gianluca Caminiti, Gianluca Lax)
} Interest of national press (Panorama - national weekly magazine) and ISSA association
(Information Systems Security Association - USA) } Interest of AGID and inclusion of a change in
national technical rules about digital signature
} Application of the new PRNG to strong
authentication and other security features in e-payment systems and cloud-based services
when power consumtion is critical
} Application of our privacy-preserving
localization technique to improve
accountability in finantial critical environments
} Best Practices and countermeasures to
correctly take into account the Dalì threat to legal electronic storage.
