Security in Critical Information Infrastructures

Abstract

Information and Communication Technologies (ICT) are permeating the critical infrastructures that our modern society relies on, and ICT security is becoming increasingly important to all aspects of our lives. This dissertation presents security solutions from domains such as telecommunication, oil & gas, and aviation, and shows by contrasting with information about attacks and the threat of malware, that whereas a security architecture is necessary for all security solutions, software security is becoming vital to all types of development, not only security software. This dissertation addresses the following research questions: (i) How can handovers between wireless access points be performed se- curely without incurring delays that a ects VoIP user experience? The secure handover scheme using Kerberos tickets (Paper 2, Paper 3) allows for handover between 802.11 access points with a delay between 10 and 40 ms, also when the mobile station has never encountered the destination access point before. (ii) How can security functions be organized in a critical infrastructure network? The dissertation presents a novel, simple, yet elegant scheme for asset identi cation as part of the requirements elicitation process (Paper 4), and contrasts this with a requirements process in the aviation domain (Paper 5). Furthermore, two case studies demonstrating security architectures in two different domains are presented (Paper 1, Paper 7). Finally, the difficulty of measuring the security of software is discussed, emphasizing the importance of ensuring that the software engineering process includes secure software engineering practices, and that the level of adoption of such processes can be used to measure the secure software engineering maturity of an organization (Paper 6). (iii) How can a system survive a successful attack without alerting the attacker? The ISH system (Paper 9) represents a novel protection scheme where compromise of a component can be detected by multiple mechanisms, and the compromised component is removed from the system by being promoted to honeypot; achieving the dual goal of both isolating the attacker and providing intelligence on the attack to the defenders. (iv) How can a successful attack on a critical infrastructure system be mit- igated by incident handling? The IRMA method (Paper 8) is based on sustained interaction with the Norwegian oil & gas industry, and is tailored to this domain with a particular emphasis on learning from security incidents to improve handling of future incidents. (v) What is the threat posed by malware currently not detectable by signature-based anti-malware systems? The experiment reported in this dissertation (Paper 10) found that five computers with the latest version of various anti-malware software were infected by a total of 124 unique malware samples after two weeks of agressive internet activity. The dissertation discusses the challenges faced by security practitioners when convincing customers and other stakeholders of the need for security, and highlights the importance of making explicit tradeoffs between security on one hand, and cost, functionality and user-friendliness on the other.