The Advanced Cybersecurity group focuses on methods and technologies for protection against cyber attacks. The group is composed of teams from both universities involved in the project, namely Prof. Tanja Zseby’s team (TUW) and Dr. Jan Hajny’s team (BUT). Security of cyber-physical systems, an area where both teams are already very active, is the core of the joint research plan. In future research, WG5 will focus on particular aspects of cyber-physical security, i.e. cryptography for resource-restricted devices, machine learning for anomaly detection and side-channel attacks, and stress testing of heterogeneous networks. In addition, the group will serve other working groups in their particular needs.
Who are we?
Tanja Zseby – TUW supervisor
Tanja Zseby is a professor of communication networks at the Institute of Telecommunications, TU Wien. She received her Dipl.-Ing. degree in electrical engineering and her Dr.-Ing. degree from Technical University Berlin, Germany. Before joining TU Wien, she worked as a group leader at the Fraunhofer Institute for Open Communication Systems (FOKUS) in Berlin and as a visiting scientist at UC San Diego (UCSD).
Jan Hajný – SIX supervisor
Dr. Jan Hajný has been with the Department of Telecommunications of FEEC BUT since 2008. Jan deals with the design of privacy enhancing cryptographic protocols and authentication schemes. He is involved as a team leader in several basic research projects and industry-oriented projects on ICT security. He is the head of the Cryptology Research Group at BUT and the head of the SIX Security Laboratory.
- Project "Cryptographic system for the protection of electronic identity" with the company OKsystem. The main outcome is an authentication and access control system with strong privacy protection.
- Project "Application of modern cryptographical methods to increase communication security in telematics systems" with the company Honeywell. The main outcome is the design and implementation of cryptographic protection for smart house installations.
- Project "RASSA - Referenzarchitektur für sichere Smart Grids in Österreich" (funded by FFG). The project develops a reference architecture for secure smart grids in Austria. Severa
- Major Czech bank
Stress testing and security evaluation of network infrastructure
The bank had recently updated its IT infrastructure, including its firewalls and network filters. It wanted to 1) find the true performance limits of the newly purchased security devices and 2) verify that the devices remain fully functional during a massive attack.
Solution: The high-speed traffic generator Spirent Avalanche 3100B was connected to the infrastructure of the bank. The testing device was configured to generate legitimate traffic (HTTP(S) requests) and analyze the behavior of the infrastructure. The load was gradually increased from Kbps to Gbps. Malicious traffic, namely various DDoS attacks, was mixed into the legitimate traffic to evaluate the operability of the network filters. The complete test ran in a live infrastructure, and network administrators had the right to stop the test immediately.
Results: The performance limits of the firewalls and network filters were found. The behavior of the infrastructure under extreme load was analyzed. The functionality of security devices was evaluated and devices not performing as promised by vendors were identified. The main bottleneck of the infrastructure (a particul
- J. Hajný, L. Malina, P. Dzurenda, "Privacy-PAC: Privacy-Enhanced Physical Access Control," in ACM CCS: WPES 2014 Proceedings. ACM, New York, NY, USA, 93-96. ISBN: 978-1-4503-3148-7.
- F. Iglesias Vazquez, T. Zseby, "Analysis of Network Traffic Features for Anomaly Detection," in Machine Learning, 2014.
- J. Fabini, T. Zseby, "The Right Time: Reducing Effective End-to-End Delay in Time-Slotted Packet-Switched Networks," in IEEE/ACM Transactions on Networking, vol. PP, no. 99, pp. 1-1, doi: 10.1109/TNET.2015.2451708
- Spirent Avalanche 3100B
Device capable of performance and security testing of network infrastructures and services. Extreme traffic of up to 20 Gbps can be generated by the device to evaluate the scalability and behavior of the infrastructure or service in non-standard conditions.
- Vulnerability Scanners
A wide spectrum of vulnerability scanners is available. The scanners analyze the customer’s network and find security weaknesses, including misconfigurations, old versions of software or weak protection. Using the analysis results, the security team provides the remedy for the customer.
- Data Storage and Computing Cluster
The TUW network security lab contains a data storage and a computing cluster for network traffic analysis and anomaly detection methods. The infrastructure will also be used to collect and analyze sensor data from the microgrid lab (FUSE testbed) that is currently established at TU Wien.
- Johann Wolfgang Goethe-Universität Frankfurt, Germany
Cooperation in the field of digital identity protection and cryptographic privacy-enhancing technologies.
- Universitat Rovira i Virgili, Spain
Cooperation in the field of cryptologic protocol design, in particular the development of lightweight cryptosystems for low-performance devices, such as smart cards, sensors and microcontrollers.
- UC San Diego
Cooperation in the field of network data analysis and secure smart grid communication.
Cooperation on the design and implementation of cryptographic protocols for data encryption and authentication.
Cooperation on the analysis and evaluation of smart metering technologies with special focus on PLC (Power Line Communication).
Cooperation on the design and implementation of encryption systems for high-speed (up to 100 Gbps) network cards based on FPGA (Field Programmable Gate Array) circuits.