Security Engineering as a multidisciplinary approach to cybersecurity - doctoral course

We live in a digital society where we share a considerable amount of data using different communication systems. Such a scenario requires an in-depth study of cybersecurity, given the complexity of communication devices and systems. This course aims to explore some aspects of security engineering as a multidisciplinary science.

Event information


Instructor: Post-Doctoral Research Fellow, Dr.Tech. Simone Soderi, IMT School for Advanced Studies Lucca, Italy

Dates: Monday, 9th – Friday, 20th May, 2022.

Hours: 32 h: Lectures: 9.–18.5. at 08:45–12:00 (with 15-minute breaks)

Examination: Written examination: 20th May, 2022 at 09:00 – 11:00

Assessment: 100% Written examination

Credit Units: 3 ECTS

Registration: Students should register for the course by 30th April, 2022. Background reading, lecture slides and preparatory material will be provided in advance of the start of the course.

Course: We live in a digital society where we share a considerable amount of data using different communication systems. Such a scenario requires an in-depth study of cybersecurity, given the complexity of communication devices and systems. This course aims to explore some aspects of security engineering as a multidisciplinary science.



The first part of the course will provide students with the fundamental concepts for a comprehensive understanding of the technology, operational procedures, and management practices required for effective cybersecurity. The security management function involves creating, implementing, and monitoring a security program for the information, infrastructure, and people involved. Security management involves multiple levels of management within a company, and the different levels contribute various types of expertise, authority, and resources to the overall security program. We will reference standards and best practice documents that have broad support and guide approaches to cybersecurity implementation. The goal is to plan security so as to better understand how to respond to threats and to put in place a recovery plan that ensures business continuity in a cybersecurity incident.



The second part of the course examines the cross-disciplinary skills required by security engineering, suggesting a multilevel investigation. In the past few years, several techniques based on signal processing have been used to secure communications at the physical layer. Typically, the strength of a cryptographic security mechanism rests on the rigor of the underlying mathematics and on how users protect the secret keys. Physical layer security (PLS) provides secure communications against an eavesdropper by exploiting channel imperfections such as fading, multipath, and interference. In this course, we introduce two promising primitives: jamming and watermarking. With watermark-based blind physical layer security (WBPLSec), the sender watermarks the message, while the receiver jams it and then restores it by exploiting the watermarking. Several use cases where this technique can be applied will be presented, for example, radio frequency (RF) communications, acoustic communications, visible light communications (VLCs), and wired buses (e.g., CAN bus).

Moving the security analysis to the level of communication protocols, we can affirm that introducing a security layer is indispensable for implementing defenses against malicious attacks. A Host Identity Protocol (HIP) based network with IPsec is proposed to secure communications. For example, this security architecture would mitigate attacks on the railway onboard wireless network from an attacker aboard the same vehicle. As the last item on networking protocols, we investigate wireless body area networks (WBANs). In some instances, WBANs collect human data through Bluetooth Low Energy (BLE) sensor nodes. BLE is thus becoming a de facto key wireless technology, and users leave that interface always enabled on their devices. BLE specifications do not offer defenses against man-in-the-middle (MitM) attacks. Countermeasures will be proposed that work by observing quantities at different levels, i.e. the physical and protocol levels.



Finally, simulation environments known as cyber ranges have attracted considerable attention in the cybersecurity ecosystem due to their ability to mimic realistic situations and provide practical training for security experts and students. However, many security threats related to the network domain are challenging to reproduce. At the same time, the security evaluation of cyber-physical systems (CPSs) assumes strategic importance in the transportation domain. In this course, we consider the role of cyber ranges in network security assessment. Indeed, with these tools, we can automatically define test scenarios to evaluate network security issues.

The multilevel perspective on cybersecurity is expected to attract further valuable contributions from the research community.



Target Audience: This is an advanced course targeted at Master's and Doctoral students who have knowledge of wireless communications, protocols and computer networks.

Learning outcomes:

1. Cybersecurity fundamentals;

2. Security management skills;

3. Multidisciplinary security approach;

4. Cyber ranges as a tool for security assessments;

5. Cybersecurity application examples.

Lecture Schedule:

  • Lectures 1-3: Introduction; Cybersecurity fundamentals; Importance of risk assessment and management; Cybersecurity Operations and Management: People Management, Computer Security Incident Response Teams (CSIRT), Physical Asset Management, System Management, Technical Security Management, Threat and Incident Management, Physical and Infrastructure Security, Business Continuity and Recovery Plan.
  • Lectures 4-5: Multilevel security approach; Physical-layer security (PLS) fundamentals; WBPLSec: watermarking and jamming as two primitives to build PLS solutions. WBPLSec applied to RF, acoustic communications, and visible light communications (VLCs); Electromagnetic emissions security; Protocol security: the host identity protocol (HIP) use case.
  • Lectures 6-7: Hardware security: introduction, trusted design in FPGA, hardware trojan. Network Security: fundamentals, security concepts, network protection, network penetration, security protocols.
  • Lecture 8: Critical infrastructures: the railway use case; Automotive Security: the CAN Bus use case; IoT Security: the WBAN use case; Introduction to cyber ranges, cyber range as a tool for network security assessment; Summary and Research aspects.

Assessment:

The course assessment will be based on the written examination.

Last updated: 14.3.2022