Sharing data with cryptographic and differentially private guarantees
Nov 2020 - Oct 2024
The SHARE project develops advanced encryption techniques that allow for the sharing of sensitive data in encrypted form while enabling the private search on this encrypted data without the need to decrypt nor to reveal what is being searched for. SHARE applies these techniques in healthcare to protect medical data.
Contactprof.dr. A. Peter (Andreas) Guest Professor in Data Security
Evidence-based Security Response Centers
Jan 2021 - Dec 2024
Cybersecurity Operation Centres monitor incoming threats, but are only useful for incident investigation (as opposed to prevention) because of the vast amount of generated incoming alerts. SeReNity will develop new technologies accounting for alarm prioritization that integrates with human expertise to enable Security Response Centres and stop attacks before it’s too late.
Contactdr.ir. A. Continella (Andrea) Assistant Professor
Building Automation Systems Security
Nov 2016 - Oct 2021
Building Automation Systems (BASs) are one of the applications of the “Internet of Things” (IoT). Millions of people work and live in smart buildings around the world. BASs have steadily grown because of two reasons: (1) the convenience of process automation (e.g. energy management, access control, etc.); and (2) the comfort provided to the users (e.g. preferred temperature, lightning, etc.). Sensors and actuators are disseminated throughout the buildings to enable the implementation of BASs. Building inhabitants may not be aware of the presence of such devices even though they closely interact with them every day. The communication between BAS devices used to have its own protocol stack, from the physical to the application layers. Modern BASs, however, use the communications infrastructure that is usually already in place (Local Area Networks). Moreover, this approach enables remote management and monitoring. Unfortunately, it also enables cyberattacks from remote locations. People's safety and privacy could be compromised with BASs that are connected to computer networks. To overcome these problems, the BASS project studies the security and privacy issues in modern building automation systems and develops dedicated protection mechanisms, such as tailored privacy-enhancing technologies and network-based intrusion detection systems.
Costa Rican National Research Fund
Contactprof.dr. A. Peter (Andreas) Guest Professor in Data Security
Evolutionary Intrusion Detection for Dynamic Environments
Aug 2018 - Jul 2022
Previous years have seen a surge of cyber attacks targeting private data. This virtual pillage deprives citizens and companies across all industries of sensitive information such as login credentials, intellectual property or personal data. Existing cyber security solutions attempt to deal with these attacks by learning a detection model. However, in today's continuously developing IT settings, such a model quickly depreciates, making the approach fail miserably (often already in the case of a simple software update). In this proposal, we call for a drastic change in security technologies, progressing from static security concepts to evolutionary security concepts. As an important milestone in this progression, the EVIDENCE project will build a network-based intrusion detection system (NIDS) capable of evolving with dynamic changes in the environment in which it is deployed.Designing a system which is able to adapt to developing environments requires us to effortlessly update our system's security models. We plan to apply passive application fingerprinting, an approach which maps network traffic to applications on the machine. This method will create fingerprints of all monitored applications in its training phase and subsequently detects unknown (malicious) applications for which it raises alerts. We propose the generation of fingerprints per host, per protocol, and per application, allowing for fine grained dexterous readjustments in case of environmental changes. In addition, our pivotal contribution commences the detection of contextual changes and subsequent adaptation of the detection model. To this end, we will investigate the application of machine learning classifiers and concept drift detectors on our fingerprint features to detect both basic and more advanced environmental changes such as software updates or newly added devices. This ability to automatically adapt to contextual changes (including those imposed by new cyber attacks) establishes the evolutionary character of our envisaged network-based intrusion detection system and constitutes the uniqueness of the EVIDENCE project.
TGS Top-Talent Grant
Contactprof.dr. A. Peter (Andreas) Guest Professor in Data Security
Jan 2020 - Dec 2023
PriMa (Privacy Matters) is an Innovative Training Network (ITN) funded by the EU through the Horizon 2020 Framework. PriMa is a collaboration between 7 research locations and 7 industrial partner organisations with a focus on the analysis and mitigation of privacy risks in a rapidly digitalising society. One factor contributing to the erosion of privacy is the growth in recognition technologies that not only facilitate the recognition of individuals but also the inference from biometric data of emotional state, gender, health, age, and even profession. Another factor is the fast advancement of artificial intelligence, allowing for extensive data mining, and aggregation, linkage and inference of personal information. Hence, there is a real possibility that acceptable privacy may become unattainable unless technological and societal steps are taken to allow citizens to regain control of their personal information. The PriMa project is coordinated by UT researcher Raymond Veldhuis.
Autonomous University of Madrid (UAM), University of Kent, Norwegian University of Science and Technology (NTNU), KU Leuven, Norwegian Computing Center (NR), University of Würzburg, GenKey Solutions B.V., Secunet Security Networks AG, Fraunhofer Gesellschaft zur Förderung der angewandten Forschung e.V. (IGD), Nederlandse Organisatie Voor Toegepast Natuurwetenschappelijk Onderzoek TNO, Triodos Bank NV, Software Improvement Group, Callsign Inc.
Contactprof.dr.ir. R.N.J. Veldhuis (Raymond) Full Professor
Children's privacy and mobile health applications: An analysis of data sharing practices and impact
May 2020 - Apr 2022
Children today are growing up in an immersive digital media culture, with nearly continuous interaction with mobile applications (apps). Child digital engagement has extended to the realm of health, where apps target a range of health promotion and disease management foci. The perceived value of health apps has resulted in their endorsement by child health organizations and prescription by clinicians, often without a complete understanding of data privacy and security. It is known that app developers routinely transmit user data to third parties to enhance user experiences or monetize the app. Although the data sharing practices of these third parties are largely unexplored, adult health app research indicates that commercial entities may be the recipients of personal and health data. In the case of children, serious safety and privacy issues can arise if health information is used for data-driven health product and service advertising without clinician consultation. Further, data aggregators may identify child users and create digital health dossiers that eventually impact on education or employment in adulthood. It is therefore critical to characterize the data sharing practices of child health apps and examine the advertising impact of transmitted data. Using a phased-approach that combines the disciplines of pediatric nursing, health policy, and computer science, we will meet this need. First, we will use a rapid scoping review to identify apps endorsed by influential child health institutions and oversight bodies. Second, focusing on review-identified apps and those most downloaded from commercial stores, we will use novel software methods to electronically intercept and analyze data transmitted to external servers. Third, we will conduct a systematic content analysis of targeted advertising presented to children within apps, using dummy profiles. Our analyses will enable the characterization of data being transmitted by child health apps, the entities receiving the data and their data sharing practices, and the resultant advertising (and potential health) impacts on children. This research will provide a crucially needed picture of the privacy risks to children associated with health app use.
Canadian New Frontiers in Research Fund - Exploration
Hospital for Sick Children, University of Toronto
Contactdr.ir. A. Continella (Andrea) Assistant Professordr. R. Holz (Ralph) Associate Professor
Cyber security cOmpeteNce fOr Research anD Innovation
January 2019 - December 2022
Europe needs to step up its efforts and strengthen its very own security capacities to secure its digital society, economy, and democracy. It is time to reconquer Europe’s digital sovereignty. The vision for Europe can only be to join forces across Europe’s research, industry and public sector and to include all talents not just those that have representation in the EU mainstream or are within big organizations. Diversity and inclusion are keys for success. Europe has incredible coverage and talent in the area of IT and cybersecurity. The area of cybersecurity is geographically fragmented across Europe for competences, and often also technically fragmented with problem-specific development of security solutions. There is no doubt that excellent research exists in Europe. Nevertheless, it is a fact that this research does not result in IT products and solutions that contribute to the European Single Digital Market. On contrary, a lot of research, also financed by EU ERC grants, is tested on real data in large US companies that cooperate with them. Europe has to and is already rethinking this strategy. CONCORDIA addresses the current fragmentation of security competence by networking diverse competences into a leadership role via a synergistic agglomeration of a pan-European Cybersecurity Center. The vision of CONCORDIA is to build a community a strong cooperation between all stakeholders, understanding that all stakeholders have their KPIs, bridging among them, and fostering the development of IT products and solutions along the whole supply chain. Technologically, it projects a broad and evolvable data-driven and cognitive E2E Security approach for the ever-complex ever-interconnected compositions of emergent data-driven cloud, IoT and edge-assisted ICT ecosystems.
Contactdr.ir. M. Jonker (Mattijs) Assistant Professor
Threat Identification Using Active DNS Measurements
September 2017 - August 2021
The goal of this project is the proactive identification of threats, before the actual attack has taken place. To achieve this, we will focus on DNS data, as the DNS is one of the core infrastructures of the Internet and the basis of the functioning of most services nowadays. Our research will focus on the following three objectives. First, we aim at identifying threats characteristics in DNS data. Secondly, we aim at validating our findings on a set of real-world threats examples, such as, among others, spam, DDoS attacks and phishing. Last, we aim at making threat information accessible to security experts and operators, for example by creating threat blacklists.
Contactdr. A. Sperotto (Anna) Associate Professor
Mapping DNS DDoS Vulnerabilities to Improve Protection and Prevention
December 2018 - November 2022
Distributed Denial of Service (DDoS) attacks are one of the most disruptive attacks in today’s Internet. These types of attacks are even more effective and more dangerous when they involve and misuse Internet infrastructure and services.
One of the targets of these attacks is the Domain Name System (DNS). The DNS is a fundamental pillar of the Internet’s core infrastructure, and its role is crucial not only for the translation of human-readable names into IP addresses but also for supporting plenty of widely used Internet applications, such as e-mail, VoIP, etc.
This is the reason why DDoS attacks on DNS infrastructure will have a devastating effect, indeed an attack able to disrupt the DNS infrastructure can disrupt the entire Internet itself.
MADDVIPR (Mapping DNS DDoS Vulnerabilities to Improve Protection and Prevention) project is a collaboration between the University of Twente and the Center for Applied Internet Data Analysis (CAIDA-UCSD)
This project will lead the following results:
- Identification of the impact of possible attacks by providing a complete and comprehensive view of the potential damage and analysing the current state of the art.
- Combine historical data from OpenINTEL with the knowledge developed in the first point to identify possible weak points and vulnerabilities.
- Study and prioritise the risks by creating a ranking of DNS vulnerabilities to inform operators and security experts in order to increase their resilience to future attacks.
NWO / DHS
UC San Diego (CAIDA)
Contactdr. A. Sperotto (Anna) Associate Professorprof.dr.ir. R.M. van Rijswijk - Deij (Roland) Adjunct professor of measurement-based Internet security
MeAsuring Security in Cloud OuTsourcing
January 2021 - December 2024
Outsourcing to the cloud is mainstream business practice. Oft-quoted security benefits of the cloud are availability of skilled staff, bandwidth and compute power to head off attacks. Yet recent outages call these benefits into question. MASCOT will rigorously study cloud resilience and use the outcome to support security-conscious cloud strategies.
KPN, Logius, SURF, NLnet Labs
Contactdr. A. Sperotto (Anna) Associate Professordr. A. Abhishta (Abhishta) Assistant Professorprof.dr.ir. R.M. van Rijswijk - Deij (Roland) Adjunct professor of measurement-based Internet security
Collecting, Transforming, Applying, and Disseminating DDoS Attack Knowledge
DDOS attacks have continued to grow is size and intensity in the last years. While a few initiatives exists for preventing this type of attacks, the involved parties works mostly in isolation. The goal of the DDoSDB project is to bring together the existing knowledge on DDoS attacks, to combine it and make it available such that internet users, academia and organizations can share data.
Contactdr. A. Sperotto (Anna) Associate Professordr. J.J. Cardoso de Santanna (Jair) Guest Assistant Professor
Shaping the Ethical Dimensions of Smart Information Systems: a European Perspective
May 2018 - November 2021
SHERPA is an EU-funded project which analyses how AI and big data analytics impact ethics and human rights. In dialogue with stakeholders, the project is developing novel ways to understand and address these challenges to find desirable and sustainable solutions that can benefit both innovators and society.
DMU, F-Secure, UCLanCY, NEN, EUREC, Aequitas, Trilateral
Contactprof.dr. P.A.E. Brey (Philip) Full Professor
CAESAR: Integrating safety & cybersecurity through stochastic model checking
June 2020 - May 2025
This project will develop an effective framework for the joint analysis of safety and security risks. The project will work on solutions for three important challenges that faced by the successful integration of safety and security faces three challenges:
1. The complex interaction between safety and security, mapping how vulnerabilities and failures propagate through a system and lead to disruptions
2. Efficient algorithms to compute system-level risk metrics, such as the likelihood and expected damage of disruptions. Such metrics are pivotal to prioritize risks and mitigate them via appropriate countermeasures
3. Proper risk quantification methods. Numbers are crucial to devise cost-effective counter-measures. Yet, objective numbers on safety and (especially) security risks are notoriously hard to obtain.
ERC Consolidator Grant 2019
Contactprof.dr. M.I.A. Stoelinga (Mariëlle) Full Professor
Towards an Internet of Secure Things
INTERSECT is the biggest Dutch cybersecurity research project, which focusses on IoT security. The project has more than 40 partners, ranging from universities, SMEs to multinationals.
Contactprof.dr.ir. R.M. van Rijswijk - Deij (Roland) Adjunct professor of measurement-based Internet security
User-driven Path Verification and Control for Inter-domain Networks (UPIN)
June 2020 - June 2024
The goal of UPIN is to develop and evaluate a scalable distributed system that enables users to cryptographically verify and easily control the paths through which their data travels through an inter-domain network like the Internet, both in terms of router-to-router hops as well as in terms of router attributes (e.g., their location, operator, security level, and manufacturer). UPIN will thus provide the solution to a very relevant and current problem, namely that it is becoming increasingly opaque for users on the Internet who processes their data (e.g., in terms of service providers their data passes through as well as what jurisdictions apply) and that they have no control over how it is being routed. This is a risk for people’s privacy (e.g., a malicious network compromising a user’s data) as well as for their safety (e.g., an untrusted network disrupting a remote surgery).
UT, UvA, SIDN, SURFnet, NLnet Labs
Contactprof.dr. C.E.W. Hesselman (Cristian) Professor