Research Group Network and Systems Engineering Cyber Security
It is surprisingly often that the world, usually unconscious of the risks though sometimes conscious of them, falls on new developments such as the Internet of Things (the linking of devices via the ‘cloud’). This already leads to record DDoS (Distributed Denial of Service) attacks, but in the future, may also lead, for example, to mobile network failures or power cuts or a combination of both. Cybersecurity is relevant to all disciplines.
The Network and Systems Engineering Cyber Security research group focuses on three key areas:
- Identity and Access Management
How we determine who can access a system and when that access is acceptable. - System Security, with an emphasis on the Internet of Things
New applications enable uses to use the data in their devices safely - Usable Security
Finally, Usable Security investigates the intersection between application security and human factors: how can we build secure systems that users want to use rather that looking for ways around them?
All of these are increasingly important, as they are of great societal and economic significance. As cybersecurity is relevant to all disciplines and a must for every professional, whether we are talking about the health industry or in the economic domain where new e-commerce business models arise continuously. That is why the research group works together with all the research platforms, but primarily with Good Governance for a Safe World. This requires multidisciplinary research combined with the expertise from, for example, legal specialists and public administration officials.
Examples of practice-based research
5G Research
Mobile communications became an essential part of our human interactions, contributing to the economic and social development of the world population. From developed to developing countries, mobile communications is woven into communicative practices of millions of people everywhere, shaped and adjusted by people and organizations according to their needs. Previous generations of mobile networks have delivered communications services such as voice, messaging and data, using respectively 1G, 2G, 3G & 4G. Mobile communications has become one of the most important technology in the modern world. But the demand for data throughput and information exchange capabilities have increased beyond people’s needs.
The 5th generation, 5G NR, is expected to transform the future society, by enabling pervasive computerization of various physical objects with sensors, controller and transmitter. This principle is called the Internet of Things (IoT). The foreseen adoption of 5G NR raises security and privacy concerns. Indeed each previous iteration of mobile communications protocol faced various security and privacy issues. Furthermore the security and privacy results from the previous mobile communications set a dubious scene for the 5th generation. The Research Group Network and Systems Engineering, part of the Centre of Expertise Cyber Security, decided to investigate signal communications from a security and privacy approach including previous mobile communications and explore the 5th generation of mobile communication protocols.
Health care
The research group studies how the use of smartphones connected to smart devices like blood pressure monitors and scales can be optimised for both patients and their doctors. The limiting condition here is that patient privacy is guaranteed and personal and private data only shared with the treating physician.IoT
The research group studies information ‘leaked’ in the market by IoT devices. Even if information cannot be read directly from a device due to encryption, there is still much information that can be accessed based on the data traffic. For example, if we monitor the rough data traffic to and from door sensors and see that there is indeed a flow of data, we can assume that the sensors are in use.
Trusted IoT
Trusted computing in general deals with making sure that the systems that you interact with are trustworthy. Does the hardware match what you ordered from the supplier, or has a malicious actor managed to compromise the supply chain and insert some components that spy on you, or exfiltrate your data? Can you be sure that the firmware that controls your network or graphics adapter, or even your power supply, has not been modified? What about the boot loader and the operating system kernel? There are a number of different steps you can take to make sure you can trust the system you provide your secrets to: Verified and measured boot processes, trusted platform modules and remote attestation, and trusted execution environments. In desktop and server environments, these things are approaching maturity, but in the IoT space, there is still room for improvement. We investigate what is currently being done in commodity IoT devices, and see what can be done with available systems suitable for deployment into the Internet of Things.
Team
Saman Barjas
Michael Gilhespy
Bernard van der Helm
Daniel Meinsma
Saman Barjas
Michael Gilhespy
Bernard van der Helm
Daniel Meinsma
About the professor
dr. Mathias Björkqvist
Projects
DurableCASE: robotic vehicles in the agricultural sec-tor
Internship & Thesis Projects
Previous student projects
Publications
Thesis
Secure Naming for Distributing Computing using the Condensed Graph Model
Article
Cloud-Based Intelligence Aquisition and Processing for Crisis Management
Thesis
Secure Naming for Distributing Computing using the Condensed Graph Model
Implementing a distributed computation architecture has several basis functional requirements, such as load balancing, fault tolerance and security. The challenge is in how you manage these requirements as a whole. Security is a specific problem in that it is made up of a number of important aspects, such as confidentiality, integrity and availability. Each of these aspects is vital in a distributed system.One important aspect of security is access control. The central premise of this thesis is: “If you can name it, you can control access to it”.This dissertation examines the security requirements of the WebCom distributed computing environment and develops the security architecture for WebCom, primarily to provide a systematic access control mechanism for condensed graph applications.The flexibility of this architecture is demonstrated with a number of case studies, including a micropayment architecture for distributed computations, an automated administration architecture for Grid and an activity based secure workflow architecture.
T.B. Quillinan. Secure Naming for Distributing Computing using the Condensed Graph Model. Ph.D. Thesis. University College Cork, Cork, Ireland. July 2006.
Article
Cloud-Based Intelligence Aquisition and Processing for Crisis Management
Contemporary crisis management has to deal with complex socio-technical environments involving many interdependent elements. Many dependencies in such settings result in complex cascading processes that can have adverse effects on the population, environment, and economy. Adequate situation awareness and the capability to
predict the development of a crisis situation under different circumstances is a critical element of effective, and timely, crisis management and response.
de Oude, Patrick; Pavlin, Gregor; Quillinan, Thomas; Jeraj, Julij, and Abouhafc, Abdelhaq. (2017). Cloud-Based Intelligence Aquisition and Processing for Crisis Management. 133-153. 10.1007/978-3-319-52419-1_9