Strategic Platforms
Information Security 2014
Data Mining for security process monitoring
New authentication mechanism for System Information
Call for « Expression of Interest »
Submission form
Introduction
The Regional Plan for Innovation (RPI), approved by the Government in Brussels in 2006, defines the regional strategy in scientific research and technological innovation for the period 2007-2013. Specifically, the strategy aims to combine, in a balanced way, the development of the competitiveness of the existing industrial base in the Brussels-Capital on the one hand with the concentration of resources on three areas on the other:
ICT (information and communication)
Health
Environment
Among the strategic areas developed under the RPI, the stimulation of innovation is one of the essential pillars. Concrete actions at this level involve upstream interventions by strengthening the technological potential of research units.
The action “Strategic Platforms” funds research projects with a short/medium valorisation perspective and performed in a collaborative and multidisciplinary way within universities, colleges and research centres located on the regional territory.
In 2011, the Minister in charge of the economy, employment and scientific research initiated an update of the RPI presenting concrete actions for 2012-2014. The short-term (2013-2014) concrete actions of this updated RPI strengthen and perpetuate existing tools. Hence, the updated version of the RPI planned to set up a strategic platforms programme in the Civil Security field in 2014.
In the consultant's document on which this updated version of the RPI was based, the recommendations propose that the linked actions (strategic platform included) focus on the most promising niche in Brussels, namely Information Security.
Content
In the first semester of 2014, Innoviris consulted the main actors involved in the Information Security sector. The objective was to determine the relevant subthemes in Information Security for both enterprises and academics, knowing that the enterprises have specific needs and the academics have different capabilities.
Therefore, Innoviris created a Framework categorizing the different topics in Information Security encountered by the enterprises and academics. The framework gives as output the most relevant domains for both types of actors.
Figure 1: Every capacity or need can be classified in the 3-axes framework
The different axes used in the framework to classify the data are the following:
1st level
Policy and Procedure: The topic is about solutions to organizational challenges
Technology: The topic is about solutions to technical challenges
Education: The topic is about educating stakeholders on information security
2nd level
Confidentiality: Confidentiality is a set of rules or a promise that limits access to certain types of information
Integrity: Integrity is the assurance that information can only be accessed and modified by those authorized
Availability: Availability is the quality of being at hand when needed
Authentication: Authentication is the process of determining whether someone or something is who or what it is declared to be
Non-Repudiation: Non-Repudiation is the ability to ensure that a party to a contract or a communication cannot deny the authenticity of their signature
3rd level
Storage: The topic is about how information is stored
Processing: The topic is about how information is processed
Transmission: The topic is about how information is transmitted
With this framework, Innoviris met various organizations, institutions and companies of different sizes (from Small & Medium Enterprise to large companies) in different sectors (e.g. Finance, Telecom, Security, Public …) to determine their current needs.
Figure 2: The results of the needs on the business side show an additional focus on Policy & Procedure and Education, on Authentication and on Transmission
Innoviris also met different universities and research centres from Brussels to determine the topics in Information Security on which they have research capabilities.
Figure 3: The results of the capabilities in the universities and research centres show a high focus on Technology, Authentication and on Transmission
The most relevant domains given by the framework for both enterprises and academics are centred on securing transmission and improving authentication, confidentiality and integrity measures. From this analysis, three themes were chosen from the top domains.
Figure 4: The topic where most capabilities from the research side and most needs from the business side emerge on the 2nd level is authentication
After this round of consultation, Innoviris organised a workshop with a cluster of enterprises to fine-tune the three themes that emerged from the first round. During this workshop, the three initial themes were presented and challenged by the participants, and evolved into the themes presented in this call for “Expression of Interest”.
The two identified themes are:
New Authentication mechanism for information systems
Data mining for Security process monitoring
New Authentication mechanism for information systems
Authentication in information security systems has been in place for more than 30 years, mainly as login/password combinations. As this method is deeply rooted in the products, the change to safer authentication methods is happening only slowly, and mostly in the realm of online services. This creates multiple challenges.
The user’s credentials are often the last line of defence for a company’s assets. Weak passwords, password reuse and noncompliant use put information at risk. Multiple attack vectors exist and are regularly used by criminals and law enforcement agencies. Code-cracking abilities are rising due to cheap computational power.
Ideally, authentication systems need to be easier to use than to bypass. Examples of topics:
Create secure protocols or cryptographic solutions (e.g. quantum cryptography)
Develop login interfaces or mechanism with optimized adoption rates
Optimize Multi-factor authentication mechanisms
Develop Drop-In replacement solutions for changing authentication mechanisms
Secure implementations of cryptographic tokens
Automated Quality Assessment
Authentication using Watermarking and Perceptual Hashing
Data mining for Security process monitoring
Due to the widespread use of information systems, an avalanche of data (more particularly, raw data from log files or event logs generated by various networking devices, operating systems and application servers) continues to grow in systems.
While law enforcement agencies have been able to upgrade their capabilities in the last decade, individuals and corporations have yet to find an answer to the increasing number and orchestration of attacks on their information assets. This risk is heightened by the imbalance of power between criminal organisations and the information security resources available. The “internet of things” will provide even more data in less time, which needs to be analysed to identify attacks.
Therefore, there is a need to automate data mining and thus facilitate the task of information security officers. There is also an opportunity to use already existing data that is currently not valorised, or not valorised enough, because of the difficulty of getting information out of it. The processing of various raw data with data mining and machine-learning techniques can also anticipate and predict security problems, vulnerabilities and attacks.
Examples of topics:
“Internet of things” real time risk assessments
Embedded platforms security fuzzing approaches (energy, automotive, e-health,…)
Multimodal distributed node data aggregation and attack pattern recognition
Fail-safe implementations and actionable alert reports
Platform
Sponsorship
Each project must be sponsored by at least one organisation representing the end users and/or stakeholders (a company, a non-profit association or an institutional organization). The sponsor will be involved throughout the project to validate the valorisation, the exploitation or the dissemination of the results. It is up to the sponsor to clearly describe how it will be involved.
Consortium
The consortium of partners must
Be composed of at least 2 institutions
Duration
The project will last a minimum of 2 years and a maximum of 3 years.
Valorisation
The project will be an applied research project with a short/mid-term economic and/or social valorisation. To show the economic value of the project, the number and the level of involvement of the companies interested in the project can be followed using the framework displayed in Figure 5.
Figure 5: Depending on the number of partners and their level of interest, different ways to valorise the project can be applied
Each level of involvement, and the number of companies at each level, gives information on the economic value of the project:
Inspiration/Sensibilisation: This level shows all the companies that are interested in the project.
Challenging: At the challenging level, the organizations give their active feedback on the project.
Collaboration: Deeper, on the collaboration level, the organizations start to work together on the project.
Pilot Case: These companies agree to be the first pilots for the project.
Innovation project together: At this level, the organizations are fully integrated in the innovation project.
Some examples of economic valorisation are
Spin-off creation
Transfer of knowledge through IRD (Industrial Research & Development) projects, outsourcing, ...
Technology transfer to companies
Sale / licensing of IP to companies
Some examples of social valorisation are
Easier security for everyone
Increased security of personal data
Reduction of fraud/phishing
Unsuccessful industrial espionage leads to safer jobs due to economic advantages
Evaluation Process
[Figure: timeline of the evaluation process. Steps shown: Start; Elaboration and submission of projects for selected proposals; Express of Interest; Selection of proposals; Governmental decision; Projects evaluation and selection. Months shown: May to January.]
Partners information
Title:
Applications topics (choose the topic(s) of the research)
New Authentication mechanism for information systems
Data mining for Security process monitoring
Applicant information: indicate the data of the proposed research centers (min 2).
Research Unit 1 (Coordinator):
Name, forename:
E-mail, Phone:
Profile:
Institution:
Research Unit:
Research Unit 2:
Name, forename:
E-mail, Phone:
Profile:
Institution:
Research Unit: