1st June 2017
2nd June 2017
Steven Furnell is a professor of information systems security and leads the Centre for Security, Communications & Network Research at Plymouth University. He is also an Adjunct Professor with Edith Cowan University in Western Australia and an Honorary Professor with Nelson Mandela Metropolitan University in South Africa. His research interests include usability of security and privacy technologies, security management and culture, and technologies for user authentication and intrusion detection. He has authored over 270 papers in refereed international journals and conference proceedings, as well as books including Cybercrime: Vandalizing the Information Society (2001) and Computer Insecurity: Risking the System (2005).
Prof. Furnell is the Chair of Technical Committee 11 (security and privacy) within the International Federation for Information Processing, and is a member of related working groups on security management, security education, and human aspects of security. He is also a board member of the Institute of Information Security Professionals, and chairs the academic partnership committee and southwest branch. Further details can be found at www.plymouth.ac.uk/cscan, with a variety of security podcasts also available via www.cscan.org/podcasts. Steve can also be followed on Twitter (@smfurnell).
Web page: http://cscan.org/?page=staffprofile&id=1
Build it and they will come? Questioning our provision of security technologies
While organisations often provide (and indeed invest in) security technologies, they can frequently find that there does not appear to be a commensurate reduction in related incidents. However, the reason for this is often unrelated to the effectiveness of the technology itself, but rather the fact that it depends upon people in some way.
This presentation considers the challenge of bridging the gap between simply providing technologies, and actually having solutions that are used effectively. Some of the challenges relate to ensuring sufficient clarity around how to use the technology, whereas others are more related to user satisfaction with the resulting experience. The discussion will draw upon a number of user-facing examples, with a particular focus upon authentication technologies, which are amongst the most frequently encountered aspects of security from the user perspective.
Edgar R. Weippl (CISSP, CISA, CISM, CRISC, CSSLP, CMC) is Research Director of SBA Research and associate professor (Privatdozent) at the Vienna University of Technology and teaches at several universities of applied sciences (Fachhochschulen). His research focuses on applied concepts of IT-security; he is on the editorial board of Elsevier's Computers & Security journal (COSE), general chair of ACM CCS 2016 and PC Chair of SACMAT 2017.
After graduating with a Ph.D. from the Vienna University of Technology, Edgar worked for two years in a research startup. He spent one year teaching as an assistant professor at Beloit College, WI. From 2002 to 2004, while with the software vendor ISIS Papyrus, he worked as a consultant for an HMO in New York, NY and Albany, NY, and for the financial industry in Frankfurt, Germany. In 2004 he joined the Vienna University of Technology and founded together with A Min Tjoa and Markus Klemen the research center SBA Research.
Web page: https://www.sba-research.org/
Empirical in Information Security: Peering, Net Neutrality and Privacy
Over the last few years, there has been an increasing number of descriptive works observing and describing complex phenomena, e.g., the efficiency of different spam campaigns, the distribution of bots, or the likelihood of users to accept false identities as friends in social networks. These studies are characterized by large sets of samples.
Future research will focus on networks and cloud systems; the research methodology will be empirical systems security: (1) passively observing large systems and (2) active probing that stimulates revealing behavior of the systems. The research contribution lies in observing, describing and inferring the behavior of complex systems that cannot be directly observed and have a large impact on users.
In this presentation we will look at how we can measure whether ISPs implement peering and whether they adhere to net neutrality, and we will also look at aspects of privacy.
Gergely Biczók is an assistant professor at the Laboratory of Cryptography and System Security (CrySyS Lab) at the Budapest University of Technology and Economics. He obtained his PhD from the same university in 2010. He was a postdoctoral researcher at both the Future Internet Research Group of the Hungarian Academy of Sciences and the Norwegian University of Science and Technology. Also, he was a Fulbright visiting scholar to Northwestern University and a research fellow at Ericsson Research. His current research focuses on the economic aspects of networked systems including security and privacy with application areas ranging from cyberwar through social networks to connected vehicles. He currently holds a János Bolyai Research Scholarship from the Hungarian Academy of Sciences and represents Hungary in the IFIP Technical Committee 11 (security and privacy).
Presentation: Games of Cyber-Warfare
Involvement of nation-states in cyber-warfare has been gaining notoriety in recent years as evidenced by two developments. First, mainstream media has been reporting about cyber attacks of visible stature such as the Stuxnet incident in Iran, the hacking of the Ukrainian power grid or the much-publicized interference with the US presidential elections. Second, recognizing the powerful capabilities as well as the grave danger of weapon-grade cyber-attacks, major military organizations of nation-states and alliances are devising and implementing strategic plans for cyber-security and cyber-warfare. Given both its potential impact on national security and its high visibility, cyber-warfare has been a much researched topic in the (military) policy literature. Surprisingly, this is not the case from the techno-economic modeling standpoint.
In this presentation, we develop a simple game-theoretical model allowing for a joint analysis of both cyber-war (defence vs. attack) decisions as well as the investment decisions of nation-states. Capturing the unique characteristics of cyber vulnerabilities, we show how the incentives can create a Prisoner's Dilemma situation where the equilibrium is cyber-war. We also show how competition over the same pool of zero-day vulnerabilities may further inflame investment in cyber-war. We discuss the implications of our analysis and present directions for future research on this topic.
Marian Novotny received his PhD in Computer Science from the Faculty of Sciences of Pavol Jozef Šafárik University in Košice. In his PhD thesis he focused on the design and analysis of security protocols. He is currently working as a specialized software engineer at ESET, where he is responsible for the design, analysis and implementation of network intrusion detection systems. These detection systems are integrated in ESET products under the names Network Attack Protection, Botnet Protection and Home Network Protection.
Presentation: Security of SOHO routers
The security of SOHO routers is growing in importance since these are positioned between local devices and the internet and therefore allow an attacker to perform various types of attacks such as phishing to obtain user credentials, installing malicious software or redirecting traffic. Moreover, compromised routers can participate in DDoS attacks as a part of the distributed botnet infrastructure or provide VPN proxy services to hide various internet crimes.
The widely deployed cheap routers often have poor security design and can contain various application vulnerabilities that are regularly discovered and published by security researchers. Most importantly, the users do not care about the security of their routers and leave the default credentials unchanged. As a result, SOHO routers are an interesting target for cybercriminals.
The end users connect more and more devices to the internet by the day. These devices are known as the Internet of Things. Many of these IoT devices are quite simple and even less secure than some of the routers. The Mirai Botnet is a real-world example of how easy it is to compromise these devices and we expect that more IoT vulnerabilities will be discovered in the near future.
In this presentation we shall show examples of attack scenarios and campaigns. We explain different techniques by which a home router can be compromised just by visiting a malicious web site. In addition, we shall present statistics of different types of SOHO router vulnerabilities.
Radim Polcak is the head of the Institute of Law and Technology at the Law Faculty at Masaryk University. He teaches and publishes in cyberlaw and legal philosophy at Masaryk University and lectures as a guest at law schools in the EU and U.S. Radim is the general chair of the Cyberspace annual international congress; editor-in-chief of the Masaryk University Journal of Law and Technology; head of the Editorial Board of the Review of Law and Technology (Revue pro právo a technologie) and a member of the editorial boards and governing bodies of ICT-law focused scientific journals and international conferences around the EU. He is a founding fellow of the European Law Institute, a founding fellow of the European Academy of Law and ICT, a panellist at the .eu ADR arbitration court and a member of various governmental, security and scientific expert and advisory bodies and project consortia around the EU and Australia. Radim authored or co-authored over 150 scientific papers, books and articles namely on topics related to cyberlaw and legal philosophy.
The Battle is Lost, Now Let Us Go and Fight: The Unresolvable Paradoxes of the Law of Cyber-Defence
One of the fundamental aspects of the rule of law is that the state is entitled to take only actions that are expressly prescribed or allowed by the law. Legal rules that provide state bodies with justified causes of various activities use a highly differentiated scale of particularity of the respective black-letter provisions. Rules of administrative law that regulate e.g. the issue of building permits are highly particular, while the provisions regulating the acquisition and use of heavy arms are rather of a very general nature.
The reason for such a difference is mainly to be found in the overall conditions under which the respective rules apply in actual practice. Building permits are being issued permanently, which means that the state is permanently meddling here with individual rights (e.g. property rights, freedom of will etc.). On the contrary, the mere acquisition of tanks and howitzers meddles with any individual rights only very seldom. Even more seldom are then the situations when the state is authorised to actually use such heavy arms anywhere outside training facilities.
It might look like a paradox, because a howitzer can certainly do much more damage to one’s property than a building permit. However, the scope of situations when the state is authorised to meddle with one’s property with a howitzer is so limited that the actual risk of disproportionate infringement of rights is here almost none. As a result, there exists a direct relation between the strength of measures that are available to the state, the level of particularity of their legal regulation and the scope of situations when they can be used. The more powerful the respective measure is, the more limited are the possibilities of its use and the more general are the formulations of the applicable black-letter rules.
Cyber-defence is by its nature very different. There is, similarly to kinetic defence, a need for extremely powerful measures that would serve the purpose of defending the sovereignty of the respective state. However, the mere acquisition and maintenance of such weapons is often inevitably linked with frequent infringements of individual rights that must happen in no relation to any actual threat. In other words, the acquisition of measures of cyber-defence requires infringements of rights comparable as to their scale to the use of a howitzer and as to their frequency to the use of a building permit.
The paper aims to explore the new and ideally unresolvable regulatory paradox of cyber-defence that arises from a combination of factors that have no real match in the current law. The paper uses the analogy with military intelligence to outline possible ways of designing and establishing a functional cyber-defence framework while preserving the precious and fragile principle of the rule of law, nationally and internationally.
Capt. Coufalíková is the Chief of the Information support cell at the Ministry of Defence. Her work focuses on spreading security awareness and on increasing the preparedness of information and communication systems administrators for cyber threats and attacks. After graduating with a PhD from the University of Defence in Brno, Aneta joined the CIRC Centre as a system engineer. She authored articles for the journal A Report from 2012 to 2014. She co-operates with the University of Defence and gives lectures on cyber defence for students and also for staff.
The CIRC Centre – Case study
During our monitoring of communication and information systems, we are confronted with cyber security events and incidents almost on a daily basis. In this presentation, we will take a look at those we are dealing with most frequently. Our experience with solving a ransomware issue will be described more deeply.
Capt. Bartoň is the Chief of the Digital Forensics cell at the Ministry of Defence. After he had completed a Master’s degree at the University of Defence in Brno (Cybernetics and military robotics field of study), he started his professional career at the 21st Tactical Air Force Base in Čáslav. He was responsible for the proper running of critical systems, which were used for air navigation. Later, he further developed his experience with rapid problem analysis and response at the CIRC Centre, where he went through several technical posts as a security analyst. Having supervised the military IP range for a long time, he is aware of the volume and types of everyday internet attacks: not only simple script kiddies’ blind attempts but also more sophisticated ones targeted at the Czech MoD. He regularly attends major international NATO cyber security exercises. He also participates in their organization and technical preparation.
Digital forensics and ransomware incidents; current trends in ransomware
Capt. Bartoň will expand on the lecture of his colleague Capt. Coufalíková by demonstrating how to deal with an incident: a ransomware infection of a workstation. How can digital forensics help with identification of the attack vector, analysis of ransomware behaviour and recovery of the user’s data?