Cyber Security: Analytics, Technology and Automation (eBook)

Pekka Neittaanmäki is Professor in Scientific Computing and Dean of the Faculty of Information Technology and Head of COMAS (Computing and Mathematical Sciences) Graduate School at the University of Jyväskylä and Adjunct Professor at the University of Houston, USA. His research interests are mathematical and numerical modeling, signal analysis, data analysis, optimization, and optimal control. He is the author or co-author of more than 350 publications in various parts of numerical analysis and applied mathematics including 16 books. He has supervised more than 80 PhD theses. He has participated in many industrial projects in Finland and Europe including among others paper machine, telecommunication, process industry as well as medical diagnostics applications.Martti Lehto Col (ret.) is Adjunct professor in Cyber Security in the Department of Mathematical Information Technology in of the Faculty of Information Technology at the University of Jyväskylä. He has over 30 years of experience as developer and leader of C4ISR Systems in Finnish Defence Forces. He is now a Cyber security and Cyber defence researcher and teacher and he also coordinates the Cyber Security MSc. and Doctoral programmes.  He has over 50 publications, research reports and articles on areas of C4ISR systems, cyber security and defence, information warfare and defence policy. He has participated many cyber security programs, like Finland's cyber security strategy, the Ministry of Employment and the Economy’s Innovative Cities (INKA) cyber security project and ENISA NIS Platform WG 3.

Foreword 6
Contents 9
Part I Cyber World Today 11
1 Phenomena in the Cyber World 12
Abstract 12
1 What Does `Cyber' Mean? 12
2 Drivers of Change in the Cyber World 16
3 Cyber Threats and Vulnerabilities 17
3.1 Cyber Threats 17
3.2 Cyber Activism 19
3.3 Cybercrime 20
3.4 Cyber Espionage 21
3.5 Cyberterrorism 21
3.6 Cyber Warfare 22
3.7 Cyber World Vulnerabilities 25
3.8 Cyber Operations 27
3.9 Cyber Weaponry 28
3.10 Society's Critical Structures as Targets 31
3.10.1 Critical Infrastructure 31
3.11 Critical Information Infrastructure 32
3.12 Scada 33
4 Cyber Security 34
References 36
2 Cyber World as a Social System 39
Abstract 39
1 Introduction 39
2 Concepts 41
2.1 The Main Concepts of the Cyber World 41
2.2 The Physical and the Cyber World Framework 42
3 System Modeling Approaches on the Cyber World 43
3.1 The Cyber World as a Complex Adaptive System 43
3.2 The Content Analysis of the Cyber World 45
3.3 A Social System Model as a Worldview to the Cyber World 46
4 The Content Analysis of the Cyber World 47
4.1 Media Surveys 47
4.2 Information Assurance 49
5 Conclusions 49
References 50
3 Citizens in Cyber World---Despatches from the Virtual ``Clinic'' 52
Abstract 52
1 Introduction 53
2 Theory and Method 54
3 Preparing for Mental Battles in the Virtual Clinic 60
4 Ego's Habituation into the Past Narratives and Myths 61
5 Impenetrable and Paranoid Defence of the Ego 63
6 Penetrable and Protean Ego 64
7 Discussion 66
References 68
4 Powers and Fundamental Rights in Cyber Security 70
Abstract 70
1 Introduction 70
2 Constitutional Protection of Personal Data and Confidential Communications 71
3 The Powers of Communications Authority 74
4 The Activities of NCSC-FI 74
5 The Powers of Police in Cyber Space 76
6 The Powers in Escalated Threats 76
References 77
Part II Cyber Security Threats, Legalityand Strategy 78
5 Coder, Hacker, Soldier, Spy 79
Abstract 79
1 Introduction 79
2 Cyber Espionage 80
3 Cyber Crime 82
4 Cyber Activism 84
5 Cyber Terrorism 86
6 Cyber War 87
7 Conclusion 89
References 89
6 Cyber Warfare 94
Abstract 94
1 Introduction 94
2 Cyber Warfare from the Perspective of International Law 95
3 Cyber Warfare as a Military Capability 97
4 Conclusion 99
References 100
7 Deception in the Cyber-World 102
Abstract 102
1 Introduction: Setting the Scene 102
2 Why Deception? 103
3 The Cyber-World: Another Dimension 104
4 The Strategic Use of Deception in the New World 106
5 Old Style Cyber-Deception: New Style Cyber-Deception 107
6 Networked Robots 110
7 Summary 111
References 111
8 Legal Framework of Cyber Security 113
Abstract 113
1 Introduction 113
2 Cyber Security from a Legal Perspective 115
3 Instruments and Areas of Law Addressing Cyber Security 117
4 Implications of Diminishing Legal Certainty 125
5 Conclusion 127
References 129
9 Finnish Cyber Security Strategy and Implementation 132
Abstract 132
1 Introduction 132
2 Comprehensive Security 133
3 Cyber Security as a Part of Comprehensive Security 135
4 Cyber Security Strategy 137
5 Generic Cyber Strategy Process 142
5.1 Character of the Process 142
5.2 Strategic Analysis 143
5.3 Strategic Priority 144
5.4 Implementing the Strategy 145
6 Finnish Implementation and Steering Process 146
References 147
Part III Cyber Security Technology 148
10 Clustering-Based Protocol Classification via Dimensionality Reduction 149
Abstract 149
1 Introduction 149
2 Related Work and Mathematical Background 151
2.1 Dimensionality Reduction 151
2.1.1 Diffusion Maps (DM) 151
2.1.2 Geometric Harmonics 154
2.2 Clustering Techniques 155
2.2.1 k-Means and Its Derivatives 155
3 Evaluation Datasets 156
4 Traffic Analyzer 158
5 Sequential Application of the Flow-Oriented Traffic Analyzer 159
6 Clustering-Based Protocol Classification via Dimensionality Reduction 161
6.1 Outline of the Real-Time Protocol Classification Process 161
6.1.1 High Level Description of the PCR Algorithm 165
6.1.2 Detailed and Formal Description of the PCR Algorithm 166
7 Experimental Results 171
7.1 Protocol Classification and Recognition 171
7.1.1 Experimental Results on Training Datasets 171
The Inter-Cluster Accuracy Results from the PCR Algorithm 172
The Inter-Cluster Covers Results from the Classification Algorithm 175
7.1.2 Experimental Results on Testing Datasets 179
7.2 UCI Datasets 179
8 Conclusion 183
References 183
11 Timing and Side Channel Attacks 185
Abstract 185
1 Introduction 185
2 Hypervisor Blue Pills and Red Pills 186
2.1 Subverting and Blue Pill Concept 186
2.2 Local Hypervisor Red Pills---Direct and Sub-channel Attack 186
2.3 Remote Hypervisor Red Pills 188
3 Invisible Character Differences 189
4 Timing Attacks 190
4.1 GameCube DVD Password Attack 190
5 AES Side-Channel Attacks 191
5.1 AES Background 191
5.2 AES Software Implementation 192
5.3 Cache Memory 192
5.4 Side Channel Attacks on AES 194
6 Power Based Attacks 195
References 196
12 Knowledge Discovery from Network Logs 197
Abstract 197
1 Network Anomaly Detection 197
1.1 Fingerprinting 198
1.2 Anomaly Detection 198
2 Network Environment 198
3 Knowledge Discovery Process 199
3.1 Databases 200
3.2 Selection 200
3.3 Preprocessing 200
3.4 Transformation 200
3.5 Data Mining 201
3.6 Interpretation and Evaluation 201
4 Some Proposed Approaches 201
5 Conclusion 204
References 204
13 Trusted Computing and DRM 206
Abstract 206
1 Ethics---Trusted or Treacherous Computing 207
2 The Trusted Processing Module by TCG 208
2.1 Remote Attestation 208
2.2 Direct Anonymous Attestation 209
3 Intel TXT and AMD/ARM Trustzone 209
4 Other Architectures for ``Trusted Computing'' 210
4.1 HDMI and HDCP and Its Predecessors 210
4.2 Macrovision, CSS and DeCSS 210
4.3 HDMI and HDCP 211
5 Other Uses for Trusted Computing 211
6 Attacks on Trusted Computing 212
7 Beyond Trust---SGX 212
References 213
Part IV Cyber Security and Automation 214
14 Cyber Security and Protection of ICS Systems: An Australian Example 215
Abstract 215
1 Introduction 215
2 ICS Security 216
3 Maroochy SCADA Security Case Study 219
4 Australian Strategic Cyber Protection 220
5 Discussion 225
5.1 Policy 225
5.2 Business Drivers 225
5.3 Technical Issues 226
6 Conclusion 227
References 227
15 Towards Dependable Automation 229
Abstract 229
1 Introduction 229
2 Towards Dependable Automation 231
3 Time Dependence in Automation 232
4 Security Challenges 236
5 Securing Automation Lifecycle 236
6 Guideline for Dependable Automation 238
6.1 Create an Essential Model Through Business Analysis 238
6.2 Define the Use Case Explicitly 239
6.3 Determine the Participating Information Systems 240
6.4 Define the Orchestration of the Process 240
6.5 Define and Implement Processes 241
6.6 Define Data Flows 241
6.7 Define the Information Content of Data Flows 241
6.8 Create Dependability Models 241
6.9 Choose Information Security Implementation Methods 241
6.10 Implement the Solution/Orchestration 242
7 Securing Development 242
8 Dependability Model 243
9 PICARD Extension 244
10 Securing the Purchases 246
11 Securing the Operations 247
12 Securing the Disposal 247
13 Conclusions 247
References 248
16 Specialized Honeypots for SCADA Systems 250
Abstract 250
1 Introduction 251
2 Security of Industrial Control Systems 253
3 The Role of Honeypots Within SCADA Systems 255
4 Proposed Architecture of the SCADA Network Honeypot 258
4.1 Honeypot Front-End Interface 259
4.2 Event Monitor 260
4.3 Honeypot Management and Watchdog 261
4.4 Firewall 261
4.5 Usage of SNMP in SCADA Environments 262
5 Implementation and Deployment Notes 263
5.1 SCADA Honeypot as a Low Cost Hardware Appliance 263
5.2 SCADA Honeypot as Virtualized Appliances 264
5.3 Alternative Architecture for a High-Interaction Honeypot 265
6 Conclusion 266
Acknowledgments 266
References 267