Flavia Fulea, Toward Collaborative and Cooperative Cybersecurity: A Survey on Approaches, Challenges, and Opportunities, University of Zurich, Faculty of Business, Economics and Informatics, 2022. (Master's Thesis)
Cyberattacks are posing a threat to the continuity and success of organisations worldwide and the costs associated with cybersecurity skyrocketed in the last years, reaching USD 6.9 billion in 2021. Therefore, the need for appropriate cybersecurity has never been higher. While malicious parties are teaming up to collaborate and cooperate on attacks, it is only natural that defenders should also cooperate or collaborate with each other in order to detect vulnerabilities or mitigate attacks. Firstly, this work gives an overview of the current state of cybersecurity and important concepts, and frameworks are discussed. Subsequently, definitions for collaborative cybersecurity and cooperative cybersecurity are proposed. A taxonomy is presented that could serve as a good categorisation basis for the existing research. A survey of the literature is performed, leveraging the proposed taxonomy. Finally, key limitations, trends and challenges are identified. As shown, current approaches focus on vulnerability sharing, intrusion detection and access control, while challenges remain with regard to the right amount of transparency in cybersecurity and to public-private cybersecurity collaboration and cooperation. |
|
Dennis Shushack, Intelligent Framework to Detect Ransomware Affecting Linux-based and Resource-constrained Devices, University of Zurich, Faculty of Business, Economics and Informatics, 2022. (Bachelor's Thesis)
The Internet of Things (IoT), a network of interconnected devices, has been growing and gaining traction in various industries. This technology can impact our lives while also providing significant economic benefits. For example, crowdsensing platforms such as ElectroSense that use sensor-equipped IoT devices to collect and share spectrum monitoring data have proven efficient, cost-effective, and scalable. However, although these resource-constrained IoT devices provide numerous benefits, they are also vulnerable to cyberattacks. As a result, ransomware could severely threaten the IoT ecosystem. ElectroSense, which employs IoT device sensors, may fall victim to such an attack, resulting in operational problems and sensor data unavailability.
Machine and deep learning algorithms using behavioral data have been identified as promising ransomware detection and classification techniques. However, most detection frameworks that utilize these technologies have been developed for Windows-based systems, which generally have more resources than IoT devices. As a result, these solutions may not be well-suited for crowdsensing platforms which utilize resource-constrained components. In addition, while ransomware policies are effective and resource efficient in detecting and classifying ransomware, they do have some limitations.
This thesis, therefore, proposes to develop and test a machine and deep learning-based framework that utilizes three different behavioral sources to detect and classify ransomware impacting resource-constrained ElectroSense sensors. This framework will employ an efficient, scalable, and data-protective approach to identify zero-day ransomware attacks and classify various ransomware strains. In addition, real-world ransomware attack scenarios are utilized to test the platform's effectiveness. |
|
Matteo Gamba, Design and Implementation of a SC-based System for the Tracking within a Cheese Supply Chain, University of Zurich, Faculty of Business, Economics and Informatics, 2022. (Bachelor's Thesis)
With a major part of the Swiss cheese produced being exported, counterfeit cheeses selling under their protected name abroad pose a serious economic threat to the Swiss cheese industry. Consequently, a group of Swiss private and federal entities have teamed up to build the CheeseChain, a blockchain-based solution to increase transparency and trust along the Tête-de-Moine (a Swiss cheese) value chain, as well as provide proof-of-origin using a PCR-based system and publish the results to the public Blockchain (BC). This thesis presents a smart contract (SC) solution to track a cheese through its supply chain including a frontend to facilitate interactions with the SC and a server that allows data from the existing systems to be written to the BC via network requests.
The SC abstracts a supply chain into supply chain participants, production batches, and individual production steps that are appended to a batch, which makes the SC applicable to supply chain tracking use cases other than cheese with only minimal modifications of the source code. This is achieved using custom data structures, called structs, for production batches and steps, where every batch contains the timestamp of creation, further information about the product, and a pointer to the last step performed within the supply chain and registered on the batch. Each step itself points to its predecessor and stores a description of the step, the participant who performed the step, the timestamp, and the coordinates alongside. This forms an immutable and append-only backward traceable linked list of steps that can be inspected via the custom frontend designed for manual interaction with the SC by supply chain participants and the retrieval of supply chain history for a specific cheese by the customer allowing for verification of a product’s authenticity.
Further, the SC implements an access control mechanism that guards all functions that change the SC’s state. All functions are only callable by registered supply chain participants, which are managed by the system administrator, who is at the same time the deployer of the contract and the only entity that is allowed to call all available functions. The server provides an abstraction over the SC and facilitates injecting data available in a private system to be written into the BC automatically through an API. Evaluating the system has shown that choosing the best suitable BC for a specific application has to be done diligently and carefully since it directly implies the system’s performance and operational costs, which depend on the selected BC’s block time, respectively token and gas price. Further, the presented SC is evaluated to carry a low risk from a SC security standpoint, due to the access control mechanism in place and the absence of monetary incentives to exploit the system. The biggest security risk is introduced by the mismanagement and leakage of private keys by the registered supply chain participants or the administrator, which gives the holder the ability to write faulty information into the SC. |
|
David Diener, Design and Implementation of a Database-to-Blockchain Data Gathering Solution for Cheese Tracking, University of Zurich, Faculty of Business, Economics and Informatics, 2022. (Bachelor's Thesis)
Globalization shaped our markets and the world that we live in today as nothing else ever has. New opportunities presented themselves, remote markets got opened up and supply chains got more complex. With increased complexity came several challenges, such as motivation for exploitation, costs for trusting parties, and abuse of market power, which needed and still need to be tackled. The introduction of the Blockchain technology in 2008 made a step in this direction, such as immutability and higher security, which can be profited from, to build a more secure Supply Chain. Tête-de-Moine, a Swiss cheese producer, the University of Zurich, Fromarte, and Agroscope found a similar need to bring more trust along the value chain of its production. Accordingly, a Proof of Concept, for a part of the overall CheeseChain project was established in this thesis. The implemented solution mirrors the database from the Digital Quality Management System of Fromarte on the host and pushes relevant information onto a private blockchain. With an API, combining the Blockchain and the host, the integrity of the files in the database can be assured. The solution was assessed through several performance tests, which led to the conclusion that the BC interaction takes up to 80% of the first iteration. This brought the question of how scalable the solution is. Tests showed that the time it takes to fetch a form follows a linear scale, which makes the scalability anticipatable. |
|
Jan Von der Assen, Muriel Figueredo Franco, Christian Killer, Eder J Scheid, Burkhard Stiller, CoReTM: An Approach Enabling Cross-Functional Collaborative Threat Modeling, In: IEEE International Conference on Cyber Security and Resilience, IEEE, Virtually, Europe, 2022-07-27. (Conference or Workshop Paper published in Proceedings)
Threat Modeling is a structured process to identify critical assets in an organization and the threats posed by adversarial agents. The goal of applying such a process is to achieve a shared understanding of the inherent risks and potential counter-measures that can be put in place. In practice, threat modeling is a collaborative process combining stakeholders' perceptions in a holistic view of the threat landscape. However, this paper points out that related work mainly focuses on adapting models to technical aspects of architectural decisions. Thus, non-technical stakeholders are not included in the process. This paper proposes CoReTM, a novel overarching approach to applying well-established threat modeling methodologies in a collaborative setting. The resulting approach allows organizations to extend threat modeling to non-technical stakeholders in an automated way while supporting on-site, remote, or hybrid operations in a synchronous or asynchronous fashion. |
|
Zeno Heeb, Onur Kalinagac, Wissem Soussi, Gürkan Gür, The Impact of Manufacturer Usage Description (MUD) on IoT Security, In: 1st International Conference on 6G Networking (6GNet), Institute of Electrical and Electronics Engineers, Paris, France, 2022-07-06. (Conference or Workshop Paper published in Proceedings)
With the growing number of IoT (Internet of Things) devices and their particular characteristics compared to traditional systems, incumbent security mechanisms need to be advanced for secure and resilient IoT operation in current ICT systems. One particular standard, which tries to improve IoT security in that regard, is the Manufacturer Usage Description (MUD) by IETF. In this paper, as our main focus is to highlight the security gains of using MUD, we first discuss the critical threats to IoT devices based on available research. In the second step, we analyze the MUD technology to delineate where MUD is beneficial (or not) to address these security issues. |
|
Burkhard Stiller, Cybersecurity Support and Tools, In: CyberAlp Retreat, Sachseln, Switzerland, 2022. (Conference or Workshop Paper)
|
|
Alberto Huertas, Privacy-preserving and Trustworthy Detection of Cyberattacks in IoT Spectrum Sensors, In: CyberAlp Retreat, Sachseln, Switzerland, 2022. (Conference or Workshop Paper)
|
|
Jan von der Assen, Opportunities, Challenges and Directions for MTD in IoT Sensors, In: CyberAlp Retreat, Sachseln, Switzerland, 2022. (Conference or Workshop Paper)
|
|
Robin Wassink, Implementation and Detection of Spectrum Sensing Data Falsification Attacks Affecting Crowdsensing Platforms, University of Zurich, Faculty of Business, Economics and Informatics, 2022. (Bachelor's Thesis)
The usage of mobile data has increased massively over the past few years and the trend is only rising. A part of this trend is due to the growth of the Internet-of-Things (IoT), which is merging the digital and physical worlds. IoT devices are collecting and transmitting countless bits over the wireless spectrum and as a result, the radio frequency (RF) spectrum is getting bursty and overcrowded. Yet IoT devices are also beneficial for the RF spectrum, as they are used as sensors in monitoring networks that analyze the spectrum usage to optimize the use of the wireless spectrum. However, these devices are well-known to be resource-constrained and therefore a growing cybersecurity concern. In a sensing network, they are vulnerable to Spectrum Sensing Data Falsification (SSDF) attacks trying to manipulate the data. Recent research has proposed behavioral fingerprinting and Machine/Deep Learning (ML/DL) to detect those attacks.
To improve the limitations of the recent literature, another implementation of the latest defined SSDF attacks is proposed in this thesis. The sensing software used in the crowdsensing monitoring platform ElectroSense has been modified to implement seven SSDF attacks.
The attacks have been executed in several different configurations whilst the behavior of the infected device has been observed based on the system call trace. A Machine Learning (ML) framework thereafter has cleaned the gathered datasets, extracted features and trained multiple unsupervised ML algorithms with normal behavior data. The infected data has then been classified by the models to evaluate the anomaly detection performance in different settings. The experiments have demonstrated that the proposed implementation using variables is not reliably detectable compared to previous implementations using files stored in disk. |
|
Filip Dombos, Linux on Tiny Microcontrollers, University of Zurich, Faculty of Business, Economics and Informatics, 2022. (Bachelor's Thesis)
As the Internet-of-Things (IoT) sees rapid growth, in device numbers and use cases, standardization is very much lacking in the field. With heterogeneous edge devices, or so-called microcontrollers (MCUs), and a variety of operating systems (OS) to choose from, interoperability is suffering. The goal of this thesis is to port the kernel of the open-source operating system Linux onto tiny MCUs. Doing so abstracts the hardware from the application layer and therefore provides much-needed standardization in the IoT ecosystem. This was achieved by finding the correct toolchain, and compiling the Linux and μClinux kernel with the help of tools such as Buildroot. Subsequently, the compiled distributions were tested with QEMU and ported to STM32L476G-Eval board and ESPEYE respectively. Additionally, a different approach with JuiceVM, a RISC-V virtual machine, running Linux was explored. |
|
Claudio Gebbia, Analysis and Implementation of Arbitrage Bots in Centralized and Decentralized Finance, University of Zurich, Faculty of Business, Economics and Informatics, 2022. (Bachelor's Thesis)
Decentralized Finance (DeFi) has gained a lot of interest in the past few years, shown by an estimated increase in deposited assets from $700 million in December 2019 to over $200 billion in 2022. It brings use cases from traditional finance to blockchain, where the need for financial intermediaries normally required in Centralized Finance (CeFi), such as brokers or banks, can be eliminated. However, due to the novelty and lack of regulations in this financial space, prices are very volatile, which can lead to deviation across exchanges. This opens up potential possibilities for arbitrage, the concept of taking advantage of price differences of the same asset across exchanges. In this thesis, arbitrage opportunities across centralized and decentralized exchanges for cryptocurrencies are analyzed by developing and evaluating arbitrage bot prototypes that perform arbitrage fully automatically. Different strategies to perform arbitrage, like cyclic or spatial arbitrage, are explored and compared. The state of arbitrage availability is evaluated, based on the data collected by the arbitrage bots. |
|
Elexa Heggli, Design and Prototypical Implementation of a Verifiable Remote Postal Voting System, University of Zurich, Faculty of Business, Economics and Informatics, 2022. (Bachelor's Thesis)
|
|
Muriel Figueredo Franco, Risk Management with Economic Bias, In: Course "Becoming a Cybersecurity Consultant", Brussels, Belgium, 2022. (Conference or Workshop Paper published in Proceedings)
|
|
Pedro Miguel Sánchez Sánchez, Alberto Huertas Celdran, Gérôme Bovet, Gregorio Martínez Pérez, Burkhard Stiller, An ML and Behavior Fingerprinting-based Framework for Cyberattack Detection in IoT Crowdsensing Platforms, In: VII Jornadas Nacionales de Investigación en Ciberseguridad, N/A, Bilbao, Spain, 2022. (Conference or Workshop Paper published in Proceedings)
|
|
Muriel Figueredo Franco, SecRiskAI: a Machine Learning-based Approach for Cybersecurity Risk Prediction in Businesses, In: 24th IEEE International Conference on Business Informatics (CBI 2022), Amsterdam, Netherlands, 2022. (Conference or Workshop Paper)
|
|
Muriel Figueredo Franco, Erion Sula, Alberto Huertas, Eder John Scheid, Lisandro Zambenedetti Granville, Burkhard Stiller, SecRiskAI: a Machine Learning-Based Approach for Cybersecurity Risk Prediction in Businesses, In: 24th IEEE International Conference on Business Informatics, IEEE, Amsterdam, Netherlands, 2022-06-15. (Conference or Workshop Paper published in Proceedings)
Cyberattacks have increased in number and severity, negatively impacting businesses and their services. As such, cybersecurity can no longer be seen just as a technological issue, but it must also be recognized as critical to the economy and society. Current solutions struggle to find indicators of unpredictable risks, limiting their ability to perform accurate risk assessments. This work thus introduces SecRiskAI, an approach that employs Machine Learning (ML) to assess and predict how exposed a business is to cybersecurity risks. For this purpose, four ML algorithms were implemented, trained, and evaluated using synthetic datasets representing characteristics of different sizes of businesses (e.g., number of employees, business sector, and known vulnerabilities). Moreover, a Web-based user interface is provided to simplify the risk prediction workflow. The quantitative evaluation performed on SecRiskAI shows a minimal performance overhead and the high accuracy of the ML models, while a case study assesses the feasibility of the overall process for decision-makers. |
|
Eder John Scheid, An Intent-based Blockchain-agnostic Interaction Environment, In: PhD Defense Talk, Zürich, Switzerland, 2022. (Conference or Workshop Paper)
|
|
Muriel Figueredo Franco, Eder John Scheid, The Cybersecurity Economics: Theory and Practice Exercises, In: Webinar - Becoming a Cybersecurity Consultant (Third Round); C³ Certification Course, Virtually, Europe, 2022. (Conference or Workshop Paper)
|
|
Alberto Huertas Celdran, Pedro Miguel Sánchez Sánchez, Gérôme Bovet, Gregorio Martínez Pérez, Burkhard Stiller, Intelligent Fingerprinting to Detect Data Leakage Attacks on Spectrum Sensors, In: ICC 2022 - IEEE International Conference on Communications, IEEE, Seoul, Korea, 2022-05-16. (Conference or Workshop Paper published in Proceedings)
Data confidentiality protection is a must for IoT and crowdsensing platforms, and a challenge due to the constrained nature of their sensors. Currently, the combination of device fingerprinting and anomaly detection systems based on Machine and Deep Learning (ML/DL) techniques is one of the most promising approaches to detect zero-day cyberattacks. However, most existing work is not suitable for resource-constrained devices or does not deal with cyberattacks affecting data confidentiality of spectrum sensors. Thus, this paper proposes a framework that monitors network interface events of sensors, uses unsupervised learning to create fingerprints, and detects anomalies produced by such cyberattacks. The framework validation has been performed in the crowdsensing platform ElectroSense, where a sensor has been infected by a backdoor leaking different sensitive data during an experiment. A set of unsupervised learning algorithms has been evaluated, with Autoencoder being the one showing the best balance when detecting normal behavior and data leakages of different sizes and at frequencies, while providing a reduced detection time and sensor resources consumption. |
|