Cybersecurity

Contact: Leonid Batyuk

 

The Application Center for Cybersecurity aims to develop security, privacy and safety solutions for protecting the Critical Infrastructures that support modern industrial society. The Application Center for Security follows the DAI-Labor philosophy "Future in Touch", meaning that real-life products are developed in a Living Lab, which allows them to be tested and evaluated in an open environment for researchers, industry and the public.

Critical Infrastructures, such as telecommunications, energy, transportation, health, education, water systems and emergency services, are key facilities of modern industrial society. These facilities are currently undergoing profound changes as they employ ICT systems to decrease operational costs while increasing availability and efficiency. Despite their insecurity, standard IT platforms, TCP/IP communications and Internet access are widely used in the Supervisory Control and Data Acquisition (SCADA) and Distributed Control Systems (DCS) that lie at the heart of these facilities. Threat exposure has increased further through the interconnection of these systems with each other and with business networks. Furthermore, new developments in Ubiquitous Computing and Communication will pose new challenges that cannot be met with conventional monolithic security and privacy approaches, which depend on perimeter protection based on firewalls, VPNs and classical intrusion detection and prevention systems.

Thus, the Application Center for Security focuses on the following questions:

  • What are the security challenges that critical infrastructures of our modern industrial society face? 
  • What security, privacy and safety solutions with what properties are required to cope with these challenges? 
  • How can solutions be developed that find public acceptance? How can new solutions be tested and evaluated with public opinion included?

The Application Center for Security pursues the following development activities to address the above questions:

  • Network and Security Simulation
  • Grid and Data Security
  • Anomaly Detection and Early Warning
  • Security Solutions for Sensor Networks
  • Non-intrusive Security Solutions
  • Mobile Security 

Projects

Real-time Attack Scenario Detection

The aim of this project is to determine the high-level security status of a target network online. Intrusion alerts and system logs collected from various network applications are aggregated and correlated in real time to determine ongoing attack scenarios. Timely generation of correct attack scenarios is important for predicting possible future attacks and determining appropriate countermeasures in time.

The approach applied to attack scenario detection is graph-based. The target network topology, filtering rules and the applications on network nodes are used to derive partial attack graphs. Attack graphs contain both vulnerability exploits on network applications and information asset usages by attackers. Aggregated intrusion alerts and system logs are used to generate and extend the attack grap
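
A minimal sketch of the graph-based correlation described above, added here as an illustration and not the project's own code: the host names, ports, rules, alerts and the function names `build_attack_graph` and `correlate` are all constructed assumptions. It derives a partial attack graph from filtering rules and vulnerable applications, chains incoming alerts along that graph, and lists the next steps still reachable from compromised nodes.

```python
from collections import defaultdict

# Constructed sample data (hypothetical hosts, ports and rules).
SERVICES = {            # host -> {port: is a known-vulnerable application listening?}
    "web": {80: True},
    "app": {8080: True, 22: False},
    "db": {5432: True},
    "hmi": {502: True},
}
RULES = [               # filtering rules: (source, destination, port) allowed
    ("internet", "web", 80),
    ("web", "app", 8080),
    ("web", "app", 22),
    ("app", "db", 5432),
    ("app", "hmi", 502),
]
ALERTS = [              # aggregated alerts in arrival order: (source, destination, port)
    ("internet", "web", 80),
    ("app", "db", 5432),    # arrives before any path to "app" has been observed
    ("web", "app", 8080),
]

def build_attack_graph(services, rules):
    """Partial attack graph: an edge exists where a rule lets src reach a vulnerable service."""
    graph = defaultdict(set)
    for src, dst, port in rules:
        if services.get(dst, {}).get(port):
            graph[src].add((dst, port))
    return graph

def correlate(graph, alerts, entry="internet"):
    """Chain alerts along graph edges; return (scenario, predicted next steps)."""
    compromised, scenario, pending = {entry}, [], []
    for alert in alerts:
        pending.append(alert)
        progressed = True
        while progressed:   # re-check held-back alerts whenever the scenario grows
            progressed = False
            for src, dst, port in list(pending):
                if src in compromised and (dst, port) in graph.get(src, ()):
                    scenario.append((src, dst, port))
                    compromised.add(dst)
                    pending.remove((src, dst, port))
                    progressed = True
    # Edges leaving compromised nodes toward nodes not yet reached are candidate next steps.
    predicted = sorted((s, d, p) for s in compromised
                       for d, p in graph.get(s, ()) if d not in compromised)
    return scenario, predicted
```

Alerts that do not fit any edge of the graph stay in `pending` and never enter a scenario, which is how this sketch separates isolated alerts from a correlated attack path.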

Androlyzer

Androlyzer is a novel tool which allows users to gain useful insights into the internal workings of Android applications. The current security architecture of the Android OS is technically solid, but coarse-grained and nontransparent to the average user. Hence, numerous applications abuse the situation by covertly violating users' privacy and compromising device security. We approach this problem by providing static analysis of app binaries both as a client and as a web service. We maintain a large database of security- and privacy-related reports on Android applications, which can be accessed through a web browser. Additionally, we provide full-fledged analysis as a client app.

DAI Cloud Crypt

Due to the increasing capabilities of smartphones and tablets, we entrust more and more sensitive data to our mobile devices. Using the Android app DAI Cloud Crypt, any file can be encrypted and stored securely. This encryption app works analogously to a safe, which allows access to confidential files only if the correct password has been entered. For this purpose, standard encryption methods with sufficient key lengths are employed, e.g. AES.

By encrypting files, we achieve the security goal of confidentiality. In case of loss or theft of a given mobile device, the owner will usually not be able to access these files anymore. Therefore, DAI Cloud Crypt integrates a component connected to the Dropbox cloud service, which mirrors only encrypted files.