Cybersecurity Analytics and Defences
Fortify Internet Systems and Services
Modern societies continually face emerging threats in cyberspace. Despite tremendous efforts to secure cyberspace, most defences are not widely deployed, and the existing countermeasures are often circumvented. In contrast, the extent and sophistication of the attacks are constantly rising. The attacks target critical infrastructure, cyber-physical systems, financial organisations, email and web services, cloud platforms and data centers, users and the Internet infrastructure. The attacks deplete resources via denial of service, disrupt the functionality and operation of systems, and enable the perpetrators to intercept communication, e.g., for surveillance, censorship, malware distribution or credential theft.
Fraunhofer SIT is focused on fortifying the foundations of the Internet and on developing easy-to-deploy defences that ensure the security and availability of the Internet. To that end, we study vulnerabilities in the standards and in the design of the systems and services deployed in the Internet. We also research the challenges and obstacles to the adoption of cryptographic schemes for the defence of systems and networks, and we study incorrect deployments of cryptography. In particular:
- Defences against Denial of Service (DoS) attacks: DoS attacks pose a critical threat to Internet stability, and are used as a tool for censorship, for eliminating competition, or for cyberwarfare between nation-states or groups. We design and develop easy-to-deploy and effective defences that prevent DoS attacks.
- Detection of malware and advanced persistent threats (APTs): a large fraction of the computers on the Internet are infected with malware (malicious software). Attackers can then exfiltrate sensitive user data (such as credentials, passwords or credit card numbers), eavesdrop on communication, or exploit compromised computers in DoS campaigns. We develop network-based malware detection techniques.
- Design and adoption of cryptographic schemes: integrating cryptography into Internet systems introduces multiple challenges and obstacles. In particular, the design and adoption of defences requires an understanding of the architecture of the Internet infrastructure. Furthermore, cryptography that is deployed incorrectly may result in reduced security. We use Internet measurements to infer the topology and configuration of Internet networks and services, and adjust the cryptographic schemes to match and interoperate with the existing systems.
- Privacy and anonymity: privacy of data and communication is essential for the economy, for the autonomy of the Internet and for safety. Unfortunately, recent revelations pertaining to surveillance by nation-states, as well as publicised attacks, show that privacy remains a distant dream. We design privacy-preserving communication protocols that ensure efficiency and quality of service.
Our research topics concern the following systems:
- Internet infrastructure: the security of the fundamental building blocks that form the foundations of the Internet, such as routing and naming systems, is critical to the security and stability of Internet clients and services. Unfortunately, the Internet infrastructure, as well as the services that it provides, is subject to numerous attacks. We research vulnerabilities in the Internet infrastructure, such as those that allow communication to be intercepted, and design countermeasures that prevent the attacks.
- Cloud platforms: the cloud offers a convenient platform providing hosting and management of services for customers. However, co-residence and sharing of the platform between multiple customers (often with conflicting interests) introduce new security challenges. We research security aspects, such as isolation on the network layer, as well as the infrastructure guarantees provided by the cloud platform.
- Web: a majority of the attacks against end users exploit vulnerabilities in the web, as well as incorrect or vulnerable deployments of cryptographic mechanisms. Securing the web is critical to enabling clients to perform online transactions and communications, and important for guaranteeing the profit of the service providers. We evaluate the security of browsers and of the communication channel.
- Voice over IP and mobile communication: telephony is increasingly operated over IP networks. Interception of phone communication is detrimental to the privacy and security of individuals, organisations and governments. We investigate vulnerabilities that expose these systems to attacks and design countermeasures that prevent them.
- Industrie 4.0 and cyber-physical systems: the elements involved in Industrie 4.0 production are interconnected with each other and with the Internet. Cyber-physical systems monitor physical processes, sensors and devices. Within this context we also study industrial control systems, in particular SCADA. Securing the communication is essential to preventing catastrophic events and incidents. We research fault tolerance and evaluate vulnerabilities pertaining to communication between the devices on the grid.