Revision as of 11:03, 19 March 2024

Wiki for ITS

TEK5530 - Measurable Security for the Internet of Things

TEK5530
News	Lectures on Tuesdays 09:15-12:00 starting from . The course is given physical at ITS, meeting room 308
Organisation	UiO
by	Josef Noll

Keywords
Energy Energy monitoring Network Security Resillient Energy Networks Security Sensor networks Sensor Security

Abstract	The course provides a methodology for measurable security, privacy, and dependability of industrial systems. Based on e.g. a smart grid example we will establish and develop the methodology to perform a multi-metrics analysis from components to sub-systems to systems. The course will allow you to compare security-related application goals with the results from the system analysis.
Objective (max 350 words)	After completing the course you will be able to: Describe application-driven security and establish challenges of sensor-driven systems Provide industrial examples, e.g. Smart Grid and automatic meter readings Have an overview of security features and continuous compliance in Amazon Web Services (cloud security) Establish application-driven security goals as well as the semantics of your system Generate matrices to describe the security impact of components and sub-systems, and perform a multi-metrics analysis to establish the system security Analyse application goal versus system security and suggest improvements
Keywords	Security, Network Security, Sensor Security, Sensor networks, Energy monitoring, Energy, Resillient Energy Networks
Research Area(s)	Security
Type of course	Master

Upload TEK5530.png to see a course picture instead of the banner picture. Edit the page by Special:FormEdit/Course/TEK5530.

To add new lectures, use: Add a lecture

Info-2024

We will start with a 3h lecture on 16Jan2024 0915-1200h in a hybrid form: Gunnar Randers vei 19 (Bus from Ole Johan Dals hus (Ifi) leaves at 08:25, see https://www.mn.uio.no/its/om/finn-fram/busstider.html) and http://zoom.jnoll.net or https://uio.zoom.us/j/2313898139

The first lecture will present some of the security challenges and the topics of the course, being the basis for a discussion on interests in measurable security (e.g. energy systems, home automation, autonomous operations,....)

During the first lecture we'll also discuss during the first day the set-up of the course.

Timeline v24

Zoom: http://zoom.jnoll.net or https://uio.zoom.us/j/2313898139

Contact and info

http://Canvas.uio.no or the http://its-wiki.no/wiki/TEK5530

Note: Please remind us to take Zoom video recording.

L1-L3

16Jan L1 Intro, topics, organization (Josef) Media:TEK5530-L1_v24.pdf
- Industrial tools for security assessment, see https://expertinsights.com/insights/the-top-10-iot-securitytools/
23Jan L2 Internet of Things Media:TEK5530-L2_v24.pdf
- IoT security functionality: https://its-wiki.no/wiki/IoTSec:Smart_Meter_Connectivity
- Master/PhD AI assessment of Exposure & Impact IoT automation infrastructure (language processing)

30Jan L3 Security in the Internet of Things Media:TEK5530-L3_v24.pdf
- Paper selection from TEK5530/List_of_papers
- Theme: "Measurable Security for the Internet of Things"
- Discussion on Group Work
- select a paper and send info on "which paper" to Josef

L4-L6

6Feb2024 L4 Security Semantics Media:TEK5530-L4-SecuritySemantics_h24.pdf
- group work ideas

13Feb2024 L5 Paper presentations, see TEK5530/List of papers & Intro Multi-Metrics Method Media:TEK5530-L6_MultiMetrics_h24.pdf

20Feb2024 L6 Group work ideas Please prepare the scenario description for your home scenario, with

a) a description of applications in the home (e.g. web browsing, home control, office applications, communications, ...), and

b) establish the security and privacy (s,p) requirements for your application

L7-L9

Security processes and assessment criteria

27Feb2024 L7 Paper presentation (remaining papers) and "Walk through" Multi-Metrics, Media:TEK5530-L7_WalkThrough_h24.pdf & remaining slides Media:TEK5530-L6_MultiMetrics_h24.pdf

5Mar2024 L8 Impact/Exposure Risk Matrix assessment Media:TEK5530-L8_Impact-Exposure-Risk_h24update.pdf updated 19Mar2024

read more about the security classification model at the PhD of Manish_Shrestha, or register at https://light-sc.tech to gain access

12Mar2024 L9 Applicability of Impact/Exposure Risk Matrix and Multi-Metrics Media:TEK5530-L9_Applicability_h24.pdf

L10-L15

19Mar2024 L10 Key exchange and authentication in mobile systems (GSM, UMTS) - Media:TEK5530-L10-MobileSecurity_h24.pdf
- Media:TEK5530-Gruppearbeid-ideer.pdf Ideer om gruppearbeid, fokus på sikkerhetsarkitetur i strømkontrolle hos en kommune
- relatert til L8 (protection) og L10 slide 34 "assume zero-security infrastructure"

26Mar2024 - Påskeferie

2Apr2024 L11 Zero-trust architecture

9apr2024 L12 Gruppearbeid - (ingen forelesning)

16apr2024 L13

23Apr2024 L14 (conflict for Josef?)

30Apr2024 L15 Presentation of group work

7May2024 L15 Rehearsel and questions to course

Papers & Group work

TEK5530 - List of papers, Guide on how to search for Literature
TEK5530 - Ideas for group work including own assessment

Exam 2024

Exam on Tir 21May2024 will be performed as an oral exam, Please use frameadate https://framadate.org/TEK5530-exam to select your time slot (tbc)

As discussed, the exam will consist of 3 parts:

Part 1: Present your group-work (8 min) - assessment of Security Classes for IoT or Applying Multi-metrics Method or risk assessment of 5G maritime communications" to be delivered latest by xxx
Part 2: Questions to group work (7 min)
Part 3: Random questions from the lectures (10 min). TEK5530/List_of_Questions (you will pick 3-5 questions)

Sensorveiledning - Assessor Guidance - TEK5530 (.pdf)

Course info and lectures in previous years

TEK5530_Lectures_in_earlier_years

Course info

This course is a combined masters and Phd course (UNIK9750), in 2018 all the lectures will be presented by Gyorgy Kalman.
The course takes place on Thursdays, 0900-1600ish at ITS (UNIK) in Kjeller. This year double lectures will be given, so that we are using the day efficiently, and everybody is requested to take the tour to Kjeller. Video conferencing is available. Double lectures allows us to have the exam early in the semester so that the students can focus on their other duties in the exam period. A recording of all lectures will be provided and in addition personal follow-up is offered for students, who cannot attend some of the lectures.
We'll have video streaming: mms://lux.unik.no/401
Evaluation is based on a presentation of topics and the implementation of your scenario.

Group work

Please see the description from 2016: TEK5530 presentation of your Group Work - (suggestions and criteria) I recommend you to form 4 (3-5) person groups. I'm open for any suggestion in selecting the IT infrastructure you would like to analyse. There are not that many groups this year, so you are allowed to use longer time for your presentation.

Examples:

AMS
Smart home, home automation
Implications of GDPR on a specific IoT system
GDPR on medical IoT
smart car, vehicle-to-vehicle communication, autopilot
train control from timetables on tablet to predicting power consumption to order power supply for next month
ship control, from predictive maintenance to offering cloud storage for pictures taken on the cruise

and so on. A good delivery from 2018: Media:good_example_group_work.pdf

It should be composed from several "traditional" IT systems interconnected with some communication solution with one end being quite far from the other one. This is to enable you to decompose it to systems of systems relatively easily. Again, no single right answer, I would like to see your way of thinking.

Introduction into Internet of Things (IoT)

This first part will provide the introduction into the Internet of Things (Lecture 1 - 2), with industrial examples

Smart Grid and automatic meter system (AMS)
Smart Homes with sensors
Autonomous cars
Cloud technologies

The part will further address potential security threats (L3), through the example of the smart grid. The challenges related to attack surface, legal aspects and relation to office IT security will be presented.

The distributed nature of the future (smart) electric grid has its operational, financial, technological and social aspects. In the course we will try to cover all the aspects, with focus on the technological - more precisely: on the communication and security challenges. We expect from the operational viewpont the grid to get more unstable if no compensatory action is done to be the counterweight of renewables and consumers becoming dual role consumer/producers. We will use an example of an automatic meter reading (AMR) and -system (AMS) in L4 to address the security and privacy challenges.

The final part of this first block is addressed through lectures L5 and L6, and will create the mapping from functional requirements towards mapping into technology. Examples of such mapping are the translation of privacy requirements - can somebody see from my meter reading if I'm at home - towards technology parameters like how often are values read and published.

Machine-readable Descriptions

The next block deals with the machine-readable description of security and privacy, security functionality and system of systems through ontologies.

Establish system description examples of systems,
Describing Security and Security Functionality in a semantic way

see all SPF.IoTSec.no

Application-driven security goals

This block will develop the security goals resulting from applications.

From industrial examples, establish the functional requirements. Example: switch-off time of power circuits less than 10 ms
From the functional requirements, select the security and privacy relations
Establish application-driven security goals as well as the semantics of your system

Perform Multi-Metrics Analysis

This last block will analyse industrial examples based on the multi-metrics analysis.

Generate matrices to describe the security impact of components and sub-systems, and perform a multi-metrics analysis to establish the system security
Analyze application goal versus system security and suggest improvements

Difference between revisions of "TEK5530"

Revision as of 11:03, 19 March 2024

Contents

Info-2024

Timeline v24

L1-L3

L4-L6

L7-L9

L10-L15

Papers & Group work

Exam 2024

Course info and lectures in previous years

Introduction into Internet of Things (IoT)

Machine-readable Descriptions

Application-driven security goals

Perform Multi-Metrics Analysis

Navigation menu

Personal tools

Namespaces

Variants

Views

Actions

Search

Main

Applied Research for

List of

Forms (create or edit)

Help

Tools

@@ Line 2: / Line 2: @@
 |Title=Measurable Security for the Internet of Things
 |Abstract=The course provides a methodology for measurable security, privacy, and dependability of industrial systems. Based on e.g. a smart grid example we will establish and develop the methodology to perform a multi-metrics analysis from components to sub-systems to systems. The course will allow you to compare security-related application goals with the results from the system analysis.
-|News=Lectures on Thursdays 0900-1600h, starting from . The course is given at ITS (UNIK), Room 401.
+|News=Lectures on Tuesdays 09:15-12:00  starting from . The course is given physical at ITS, meeting room 308
-|Lecturer=György Kálmán,
+|Lecturer=Josef Noll
 |Organisation=UiO
-|Keywords=Security, Network Security, Sensor Security, Sensor networks,
+|Keywords=Security, Network Security, Sensor Security, Sensor networks, Energy monitoring, Energy, Resillient Energy Networks,
 |Objective=After completing the course you will be able to:
 * Describe application-driven security and establish challenges of sensor-driven systems
@@ Line 21: / Line 21: @@
 {{TOCright}}
-=Info - 2019=
+=Info-2024=
-* The lecture on 14th of March will be at ITS in Kjeller, given by Josef Noll
+We will start with a 3h lecture on 16Jan2024 0915-1200h in a hybrid form: Gunnar Randers vei 19 (Bus from Ole Johan Dals hus (Ifi) leaves at 08:25, see https://www.mn.uio.no/its/om/finn-fram/busstider.html) and http://zoom.jnoll.net or https://uio.zoom.us/j/2313898139
-* Course code has changed to TEK5530, the course is still offered for both master and phd students.
-* The timeline is set to be ready with the lectures before easter and have the exam before or after easter.
-* '''[[TEK5530/List of papers - 2019]]''', [[Search_for_literature|Guide on how to search for Literature]]
-* '''[[TEK5530/Report ideas - 2019]]'''
-=Lectures in TEK5530 - 2019 =
+The first lecture will present some of the security challenges and the topics of the course, being the basis for a discussion on interests in measurable security (e.g. energy systems, home automation, autonomous operations,....)
-Jan - L1: Introduction  - Handouts [[Media:TEK5530 - L1 Introduction.pdf]]
-* [https://hardware.slashdot.org/story/18/01/28/196232/giant-tesla-battery-in-australia-earns-a-million-bucks-in-a-few-days Tesla battery with high earnings when balancing the Australian grid]
-* [https://www.theguardian.com/technology/2018/sep/27/south-australias-tesla-battery-on-track-to-make-back-a-third-of-cost-in-a-year Tesla battery paid back third of investment in a year]
-* [https://www.forbes.com/sites/reenitadas/2018/11/13/top-8-healthcare-predictions-for-2019/ eHealth predictions for 2019]
-Jan - L2: Internet of Things - Handouts [[Media:TEK5530 - L2 IoT.pdf]]
+During the first lecture we'll also discuss during the first day the set-up of the course.
-* Paper used for the group work on the lecture: [https://www.cs.mun.ca/courses/cs6910/IoT-Survey-Atzori-2010.pdf]
-* Video introduction: [https://www.youtube.com/watch?v=sfEbMV295Kk IBM introduction to IoT], [https://www.youtube.com/watch?v=QaTIt1C5R-M TED talk of John Barrett] [https://www.youtube.com/watch?v=sq_l2J4oyLU Introduction to Amazon AWS IoT]
-Jan - L3: Security in the Internet of Things [[Media:TEK5530 - L3 IoTsec.pdf]]
+== Timeline v24 ==
-* [http://www.computerworld.com/article/3023445/security/advantech-industrial-serial-to-internet-gateways-wide-open-to-unauthorized-access.html Advantech Internet Gateway Vulnerability]
+Zoom: http://zoom.jnoll.net  or https://uio.zoom.us/j/2313898139
-* [https://ics-cert.us-cert.gov/alerts ICS-CERT alerts]
-* [https://www.owasp.org/index.php/OWASP_Internet_of_Things_Project#tab=Main OWASP IoT Project]
-* [https://www.theguardian.com/world/2018/jan/28/fitness-tracking-app-gives-away-location-of-secret-us-army-bases Data leakage from fitness tracker app reveals base locations]
-Feb- L4: Smart Grid and AMS [[Media:TEK5530 - L4 smart_grid_ams.pdf]] and L5: Service Implications on Functional Requirements [[Media:TEK5530 - L5 service_implications.pdf]]
+Contact and info
+* http://Canvas.uio.no or the http://its-wiki.no/wiki/TEK5530
-Feb- L6: Technology mapping [[Media:TEK5530 - L6_tech_mapping.pdf]] and L9: Top 20 critical security controls [[Media:TEK5530 - L9_top_critical_controls.pdf]]
+'''Note: Please remind us to take Zoom video recording.''' <br/>
+<!---
+''Upload: https://kursopplasting.uio.no/?emne=TEK5530&semesterId=24v&terminNr=2''' --->
+<!--- Video recording will be available at https://www.uio.no/studier/emner/matnat/its/TEK5530/v23/forelesningsvideoer/ --->
-Feb- L6: Technology mapping [[Media:TEK5530 - L6_tech_mapping.pdf]] and L9: Top 20 critical security controls [[Media:TEK5530 - L9_top_critical_controls.pdf]]
+== L1-L3 ==
+<!--- {{Large|TEK5530 is performed as project work in spring 2023}} --->
+* 16Jan L1 Intro, topics, organization (Josef) [[Media:TEK5530-L1_v24.pdf]]
+** Industrial tools for security assessment, see https://expertinsights.com/insights/the-top-10-iot-securitytools/
+* 23Jan L2 Internet of Things [[Media:TEK5530-L2_v24.pdf]]
+** IoT security functionality: https://its-wiki.no/wiki/IoTSec:Smart_Meter_Connectivity
+** Master/PhD AI assessment of Exposure & Impact IoT automation infrastructure (language processing)
-Feb - Winter holiday, no lecture
+* 30Jan L3 Security in the Internet of Things [[Media:TEK5530-L3_v24.pdf]]
+** Paper selection from [[TEK5530/List_of_papers]]
+** Theme: "Measurable Security for the Internet of Things"
+** Discussion on Group Work
+** select a paper and send info on "which paper" to Josef
-Feb - L10: Intrusion detection [[Media:TEK5530 - L10_intrusion_detection.pdf]]
+== L4-L6 ==
-March - L13: Communication and security in current industrial automation [[Media:TEK5530 - L13-hardening_automation.pdf]] and L14: Cloud basics and cloud architecture [[Media:TEK5530 - L14_cloud_basics.pdf]]
+* 6Feb2024 L4 Security Semantics [[Media:TEK5530-L4-SecuritySemantics_h24.pdf]]
+** group work ideas
-Mar - 8Mar - L11 & L12
+* 13Feb2024 L5 Paper presentations, see [[TEK5530/List of papers]] & Intro Multi-Metrics Method [[Media:TEK5530-L6_MultiMetrics_h24.pdf]]
-* L11: Multi-Metrics method for measurable security and privacy- Handouts [[Media:UNIK4750-L11_Multi-Metrics.pdf]], including discussion of privacy scenarios
-** for analysis, see: # I. Garitano, S. Fayyad, J. Noll, «[[Media:Multi_Metrics_Smart_Vehicle.pdf|Multi-Metrics Approach for Security, Privacy and Dependability in Embedded Systems]]», Wireless Pers. Commun. 81, pp1359-1376  (2015)
-* L12: System Security and Privacy analysis, weighting of components and sub-systems - Handouts [[Media:UNIK4750-L12_System_Security_Privacy.pdf]]
-** Paper describing the smart grid security and privacy analysis is available from [[Multi-Metrics_approach]], or directly as: J. Noll, I. Garitano, S. Fayyad, E.  Åsberg, H. Abie, «Measurable Security, Privacy and Dependability in Smart Grids», Journal of Cyber Security, 3_4, (2015) -> http://riverpublishers.com/journal/journal_articles/RP_Journal_2245-1439_342.pdf
-<!--- * Notes from Whiteboard: [[Media:201803_UNIK4750_L10-L11.pdf]] --->
-Video recordings (2018, valid for 2019):
-L1: Introduction
+* 20Feb2024 L6 Group work ideas Please prepare the scenario description for your home scenario, with
-* Video: [https://www-adm.uio.no/studier/emner/matnat/its/TEK5530/v19/forelesningsvideoer/v18---forelesningsvideoer/unik-20180118.wmv]
+: a) a description of applications in the home (e.g. web browsing, home control, office applications, communications, ...), and
-L2: Internet of Things
+: b) establish the security and privacy (s,p) requirements for your application
-* Video : [https://www-adm.uio.no/studier/emner/matnat/its/TEK5530/v19/forelesningsvideoer/v18---forelesningsvideoer/unik-20180125a.wmv]
-L3: Security of the Internet of Things
-* Video: [https://www-adm.uio.no/studier/emner/matnat/its/TEK5530/v19/forelesningsvideoer/v18---forelesningsvideoer/unik-20180125b.wmv]
-L4: Smart grid and Automatic Meter Readings
-* Video : [https://www-adm.uio.no/studier/emner/matnat/its/TEK5530/v19/forelesningsvideoer/v18---forelesningsvideoer/unik-20180208a.wmv]
-L5: Service Implications on Functional Requirements
-* Video: [https://www-adm.uio.no/studier/emner/matnat/its/TEK5530/v19/forelesningsvideoer/v18---forelesningsvideoer/unik-20180208b.wmv]
-L6: Technology Mapping
-* Video : [https://www-adm.uio.no/studier/emner/matnat/its/TEK5530/v19/forelesningsvideoer/v18---forelesningsvideoer/unik-20180215a.wmv]
-=Info - 2018=
+== L7-L9 ==
+[[File:TEK5530_security_checklist.png|300px|right|thumb|''Security processes and assessment criteria'']]
+* 27Feb2024 L7 Paper presentation (remaining papers) and "Walk through" Multi-Metrics, [[Media:TEK5530-L7_WalkThrough_h24.pdf]] & remaining slides [[Media:TEK5530-L6_MultiMetrics_h24.pdf]]
+* 5Mar2024 L8 Impact/Exposure Risk Matrix assessment [[Media:TEK5530-L8_Impact-Exposure-Risk_h24update.pdf]] '''updated 19Mar2024'''
+:: read more about the security classification model at the PhD of [[Manish_Shrestha]], or register at  https://light-sc.tech to gain access
+* 12Mar2024 L9 Applicability of Impact/Exposure Risk Matrix and Multi-Metrics [[Media:TEK5530-L9_Applicability_h24.pdf]]
+== L10-L15 ==
+* 19Mar2024 L10 Key exchange and authentication in mobile systems (GSM, UMTS) - [[Media:TEK5530-L10-MobileSecurity_h24.pdf]]
+** [[Media:TEK5530-Gruppearbeid-ideer.pdf]] Ideer om gruppearbeid, fokus på sikkerhetsarkitetur i strømkontrolle hos en kommune
+** relatert til L8 (protection) og L10 slide 34 "assume zero-security infrastructure"
+* 26Mar2024 - Påskeferie
+* 2Apr2024 L11 Zero-trust architecture
+* 9apr2024 L12 Gruppearbeid - (ingen forelesning)
+* 16apr2024 L13
+* 23Apr2024 L14 (conflict for Josef?)
+* 30Apr2024 L15 Presentation of group work
+* 7May2024 L15 Rehearsel and questions to course
+------
+== Papers & Group work ==
+* '''[[TEK5530/List of papers|TEK5530 - List of papers]]''', [[Search_for_literature|Guide on how to search for Literature]]
+* '''[[TEK5530/Group_work|TEK5530 - Ideas for group work]]''' including own assessment
+== Exam 2024 ==
+'''Exam on  Tir 21May2024  will be performed as an oral exam,
+Please '''use frameadate https://framadate.org/TEK5530-exam to select your time slot ''' (tbc)
+*
+As discussed, the exam will consist of 3 parts:
+* Part 1: Present your group-work (8 min) - ''assessment of Security Classes for IoT'' or ''Applying Multi-metrics Method'' or ''risk assessment of 5G maritime communications" to be delivered latest by xxx
+* Part 2: Questions to group work (7 min)
+* Part 3: Random questions from the lectures (10 min). '''[[TEK5530/List_of_Questions]]''' (''you will pick 3-5 questions'')
+[[Media:Sensorveiledning_Assessor_Guidance_TEK5530.pdf|Sensorveiledning - Assessor Guidance - TEK5530 (.pdf)]]
+=Course info and lectures in previous years  =
+* [[TEK5530_Lectures_in_earlier_years]]
+Course info
 * This course is a combined masters and Phd course (UNIK9750), in 2018 all the lectures will be presented by Gyorgy Kalman.
 * The course takes place on Thursdays, 0900-1600ish at ITS (UNIK) in Kjeller. This year double lectures will be given, so that we are using the day efficiently, and everybody is requested to take the tour to Kjeller. Video conferencing is available. Double lectures allows us to have the exam early in the semester so that the students can focus on their other duties in the exam period. A recording of all lectures will be provided and in addition personal follow-up is offered for students, who cannot attend some of the lectures.
@@ Line 88: / Line 123: @@
 * Group work
-Please see the description from 2016: '''[[UNIK4750 Group Work|UNIK4750 presentation of your Group Work - (suggestions and criteria)]]'''
+Please see the description from 2016: '''[[UNIK4750 Group Work|TEK5530 presentation of your Group Work - (suggestions and criteria)]]'''
-For this year, I recommend you to form 4 (3-5) person groups. I'm open for any suggestion in selecting the IT infrastructure you would like to analyse. There are not that many groups this year, so you are allowed to use longer time for your presentation.
+I recommend you to form 4 (3-5) person groups. I'm open for any suggestion in selecting the IT infrastructure you would like to analyse. There are not that many groups this year, so you are allowed to use longer time for your presentation.
 Examples:
@@ Line 100: / Line 135: @@
 * ship control, from predictive maintenance to offering cloud storage for pictures taken on the cruise
 and so on.
-A good (A) delivery from last year: [[Media:good_example_group_work.pdf]]
+A good delivery from 2018: [[Media:good_example_group_work.pdf]]
 It should be composed from several "traditional" IT systems interconnected with some communication solution with one end being quite far from the other one. This is to enable you to decompose it to systems of systems relatively easily. Again, no single right answer, I would like to see your way of thinking.
-=Lectures in UNIK4750 - 2018 =
-Jan - L1: Introduction  - Handouts [[Media:UNIK4750-L1_Introduction 2018-01-18.pdf]]
-* Video: [http://lux.unik.no/unik4750-gk/unik-20180118.wmv]
-* [https://hardware.slashdot.org/story/18/01/28/196232/giant-tesla-battery-in-australia-earns-a-million-bucks-in-a-few-days Tesla battery with high earnings when balancing the Australian grid]
-Jan - L2: Internet of Things  - Handouts [[Media:UNIK4750-L2-Internet_of_Things-2018.pdf]]
-* Paper used for the group work on the lecture: [https://www.cs.mun.ca/courses/cs6910/IoT-Survey-Atzori-2010.pdf]
-* Video introduction: [https://www.youtube.com/watch?v=sfEbMV295Kk IBM introduction to IoT], [https://www.youtube.com/watch?v=QaTIt1C5R-M TED talk of John Barrett] [https://www.youtube.com/watch?v=sq_l2J4oyLU Introduction to Amazon AWS IoT]
-* Video : [http://lux.unik.no/unik4750-gk/unik-20180125a.wmv]
-Jan - L3: Security of the Internet of Things  - Handouts [[Media:UNIK4750-L3_Security in the Internet of Things - 2018.pdf]]
-* Video: [http://lux.unik.no/unik4750-gk/unik-20180125b.wmv]
-* '''[[UNIK4750/List of papers - 2018]]''', [[Search_for_literature|Guide on how to search for Literature]]
-* [http://www.computerworld.com/article/3023445/security/advantech-industrial-serial-to-internet-gateways-wide-open-to-unauthorized-access.html Advantech Internet Gateway Vulnerability]
-* [https://ics-cert.us-cert.gov/alerts ICS-CERT alerts]
-* [https://www.owasp.org/index.php/OWASP_Internet_of_Things_Project#tab=Main OWASP IoT Project]
-* [https://www.theguardian.com/world/2018/jan/28/fitness-tracking-app-gives-away-location-of-secret-us-army-bases Data leakage from fitness tracker app reveals base locations]
-Feb - No lecture because of sickness
-Feb - L4: Smart grid and Automatic Meter Readings  - Handouts [[Media:UNIK4750-L4_Smart Grid and AMS - 2018.pdf]]
-* Video : [http://lux.unik.no/unik4750-gk/unik-20180208a.wmv]
-Feb - L5: Service Implications on Functional Requirements  - Handouts [[Media:UNIK4750-L5_Service implications on functional requirements - 2018.pdf]]
-* Video: [http://lux.unik.no/unik4750-gk/unik-20180208b.wmv]
-Feb - L6: Technology Mapping  - Handouts [[Media:UNIK4750-L6_Technology_mapping_2018.pdf]]
-* Video : [http://lux.unik.no/unik4750-gk/unik-20180215a.wmv]
-Feb - L7: Security semantics  - Handouts [[Media:UNIK4750-L7_security_semantics_2018.pdf]]
-* Video (2017): [http://lux.unik.no/UNIK4750-GK/UNIK-20170216.wmv]
-* Video (full semantics coverage, 2016 by Josef Noll): [http://lux.unik.no/UNIK4750-GK/2016/UNIK-20160317.wmv]
-* Bonus short lecture: [[Media:Communication_and_security_in_automation-2018.pdf]]
-Mar - L10:  Multi-Metrics method for measurable security and privacy- Handouts [[Media:UNIK4750-L10_Multi-Metrics.pdf]], including discussion of privacy scenarios
-* for analysis, see: # I. Garitano, S. Fayyad, J. Noll, «[[Media:Multi_Metrics_Smart_Vehicle.pdf|Multi-Metrics Approach for Security, Privacy and Dependability in Embedded Systems]]», Wireless Pers. Commun. 81, pp1359-1376  (2015)
-* L11: System Security and Privacy analysis, weighting of components and sub-systems - Handouts [[Media:UNIK4750-L11_System_Security_Privacy.pdf]]
-* Paper describing the smart grid security and privacy analysis is available from [[Multi-Metrics_approach]], or directly as: J. Noll, I. Garitano, S. Fayyad, E.  Åsberg, H. Abie, «Measurable Security, Privacy and Dependability in Smart Grids», Journal of Cyber Security, 3_4, (2015) -> http://riverpublishers.com/journal/journal_articles/RP_Journal_2245-1439_342.pdf
-* Notes from Whiteboard: [[Media:201803_UNIK4750_L10-L11.pdf]]
-* Video: [http://lux.unik.no/UNIK4750-GK/UNIK-20180308.wmv]
-Mar - L13 Guest lecture by Mohammad Chowdhury from ABB, [[Media:Securing_Industrial_Automation_and_Control_Systems.pdf]]
-* Video: [http://lux.unik.no/UNIK4750-GK/UNIK-20180315a.wmv]
-L14 - System Security and Privacy [[Media:L14_System_security_privacy.pdf]]
-* Video: [http://lux.unik.no/UNIK4750-GK/UNIK-20180315b.wmv]
-Mar - L17 Intrusion Detection Systems and Cloud Security [[Media:L17_IDS_and_Cloud.pdf]]
-* Video: [http://lux.unik.no/UNIK4750-GK/UNIK-20180322a.wmv]
-L18 - Wrap-up [[Media:L18_Wrap_up.pdf]]
-* Video: [http://lux.unik.no/UNIK4750-GK/UNIK-20180322b.wmv]
-Exam questions (minor update from 2017):   [[Media:Questions_UNIK4750_2018_students.pdf]]
 {{TOCright}}
-<br/>
-[[File:Security-Privacy-Dependability_Functionality.png|800px|Security, privacy and dependability functionality]]<br/>
-read more [[IoTSec:Security_and_Privacy_Functionality]]
 = Introduction into Internet of Things (IoT) =
@@ Line 185: / Line 162: @@
 * Describing Security and Security Functionality in a semantic way
-== Application-driven security goals ==
+[[File:IoT_Security_and_Privacy_Functionality.png|900px|Security, privacy and dependability functionality (Orig:Owncloud)]]<br/>
-This block will develop the security goals resulting from applications.
-* From industrial examples, establish the functional requirements. Example: switch-off time of power circuits less than 10 ms
-* From the functional requirements, select the security and privacy relations
-* Establish application-driven security goals as well as the semantics of your system
-== Perform Multi-Metrics Analysis ==
+[[File:Operations_Security.png|900px]]
-This last block will analyse industrial examples based on the multi-metrics analysis.
-* Generate matrices to describe the security impact of components and sub-systems, and perform a multi-metrics analysis to establish the system security
-* Analyze application goal versus system security and suggest improvements
-=Info - 2017=
+[[File:Dev_Maint_Audit_Security.png|900px]]
-* This course is a combined masters and Phd course (UNIK9750), in 2017 all the lectures will be presented by Gyorgy Kalman.
-* The course takes place on Thursdays, 0900-1600ish at ITS (UNIK) in Kjeller. This year double lectures will be given, so that we are using the day efficiently, and everybody is requested to take the tour to Kjeller. Video conferencing is still available.
-* We'll have video streaming: mms://lux.unik.no/401
-* Evaluation is based on a presentation of topics and the implementation of your scenario.
-=Lectures in UNIK4750 - 2017 =
+see all [[IoTSec:Security_and_Privacy_Functionality|SPF.IoTSec.no]]
-Jan - L1: Introduction  - Handouts [[Media:UNIK4750-L1-Introduction-2017.pdf]]
-* Video: [http://lux.unik.no/UNIK4750-GK/UNIK-20170119.wmv]
-Jan - L2: Internet of Things  - Handouts [[Media:UNIK4750-L2-Internet_of_Things-2017.pdf]]
-* Video introduction: [https://www.youtube.com/watch?v=sfEbMV295Kk IBM introduction to IoT], [https://www.youtube.com/watch?v=QaTIt1C5R-M TED talk of John Barrett]
-* Link to IoT paper referenced on the lecture slide:  [https://www.researchgate.net/publication/222571757_The_Internet_of_Things_A_Survey L. Atzori et al., The Internet of Things: A survey]
-* Video : [http://lux.unik.no/UNIK4750-GK/UNIK-20170126.wmv]
-Feb - L3: Security of the Internet of Things  - Handouts [[Media:UNIK4750-L3_Security in the Internet of Things - 2017.pdf]]
-* Video: [http://lux.unik.no/UNIK4750-GK/UNIK-20170202.wmv]
-* '''[[UNIK4750/List of papers - 2017]]''', [[Search_for_literature|Guide on how to search for Literature]]
-* [http://www.computerworld.com/article/3023445/security/advantech-industrial-serial-to-internet-gateways-wide-open-to-unauthorized-access.html Advantech Internet Gateway Vulnerability]
-* [https://ics-cert.us-cert.gov/alerts ICS-CERT alerts]
-* [https://www.owasp.org/index.php/OWASP_Internet_of_Things_Project#tab=Main OWASP IoT Project]
-Feb - L4: Smart Grid, Automatic Meter Readings (AMR) -  Handouts [[Media:UNIK4750-L4-Automatic_Meter_Readings-2017_examples.pdf]]
-* Relevant presentation: [https://media.ccc.de/v/33c3-8272-on_smart_cities_smart_energy_and_dumb_security On Smart Cities, Smart Energy, And Dumb Security]
-* Presentation about StatNett [[Media:Program FoU konferansen 2015.pdf]]
-Feb - L5: Service implications on functional requirements - Handouts [[Media:UNIK4750-L5-Service_Implications-2017.pdf]]
-* Video: [http://lux.unik.no/UNIK4750-GK/UNIK-20170209.wmv]
-* One of my previous lectures on realtionship between security and safety: [[Media:Security_and_safety.pdf]]
-* [https://www.controlglobal.com/assets/knowledge_centers/abb/assets/3BUS095673-Whitepaper-Relationship-Safety-Security.pdf The Rocky Relationship Between Safety and Security by ABB]
-Feb - L6: Technology Mapping - Handouts [[Media:UNIK4750-L6-Technology_mapping-2017.pdf]]
-* Video: [http://lux.unik.no/UNIK4750-GK/UNIK-20170216.wmv]
-Feb - L7: Security Semantics - Handouts [[Media:UNIK4750-L7-Security_semantics-2017.pdf]]
-* Video: [http://lux.unik.no/UNIK4750-GK/UNIK-20170216.wmv]
-* For full semantics coverage please see Josef's lecture from 17th March 2016
-* Bonus short lecture: [[Media:Communication_and_security_in_automation.pdf]]
-Feb - Vinterferie
-March - L8-9 Paper presentations 1
-* Video: [http://lux.unik.no/UNIK4750-GK/UNIK-20170302.wmv]
-March - L10-11 Paper presentations 2
-* Video: [http://lux.unik.no/UNIK4750-GK/UNIK-20170309.wmv]
-March - L12: Multi-Metrics method for measurable security - Handouts [[Media:UNIK4750-L12_Multi-Metrics.pdf]]
-March - L13: System Security and Privacy analysis - Handouts [[Media:UNIK4750-L13_System_Security_Privacy.pdf]]
-* Video: [http://lux.unik.no/UNIK4750-GK/UNIK-20170316.wmv]
-March - L14: Weighting in Multi-Metrics Method [[Media:UNIK4750-L11_Weighting_AMR.pdf]] - [[Media:UNIK4750-L14_notes.pdf|Lecture Notes L11]]
-March - L15: Real-world examples (Guest lecture by Mohammad Chowdhury) - [[Media:UNIK4750-Guest-Lecture_ABB_Chowdhury.pdf]]
-* Video: [http://lux.unik.no/UNIK4750-GK/UNIK-20170323.wmv]
-March - no lecture
-April - L16: Group work presentation
-April - L17: wrap-up, [[Media:UNIK4750-L17 Wrap Up.pdf]] [[Media:Questions_UNIK4750_2017_students.pdf]]
-* Video: [http://lux.unik.no/UNIK4750-GK/UNIK-20170406.wmv]
-April - Easter holiday
-April - Exam
-=Info - 2016=
-* This course is a Master course. Please visit [[UNIK9750]] for the PhD version of the course.
-* The course takes place on Thursdays, 0900-1200h at UNIK. A video communication is available to Ifi, Room Scheme@Ifi.UiO.no (room 1251), see check: [[Video_conference]]
-* We'll have video streaming: mms://lux.unik.no/401
-* Evaluation is based on a presentation of topics and the implementation of your scenario.
-=Lectures in UNIK4750 - 2016 =
-Jan - L1: Introduction ''G,J''  - Handouts [[Media:UNIK4750-L1-Introduction.pdf]]
-* Lecture Notes [[Media:UNIK4750-L1-LectureNotes.pdf]]
-* Podcast (Audio): [https://uio-my.sharepoint.com/personal/mehdin_uio_no/_layouts/15/guestaccess.aspx?guestaccesstoken=nuwum25I9%2b6atX%2fghO0J%2f6Gdw15qzj75%2bgJtx9HfOvU%3d&docid=0569689c695234fc7b6d8617f88d502cb&expiration=28.06.2016+18%3a45%3a47 Download lecture 1]
-* Video Podcast: [mms://lux.unik.no/UNIK4750-GK/2016/UNIK-20160121.wmv Lecture 1] NB! If you are using Mac and have problem playing the video please first disable your firewall!
-Jan - L2: Internet of Things ''J'' - Handouts [[Media:UNIK4750-L2-Internet_of_Things.pdf]]
-* Video introduction: [https://www.youtube.com/watch?v=sfEbMV295Kk IBM introduction to IoT], [https://www.youtube.com/watch?v=QaTIt1C5R-M TED talk of John Barrett]
-* [https://owncloud.unik.no/index.php/s/OPPqUcpbPn0VlyP Internet of Things Paper (.pdf)]
-* Lecture Notes [[Media:UNIK4750-L2-LectureNotes.pdf]]
-* Podcast (Audio - first 30 minutes): [https://uio-my.sharepoint.com/personal/mehdin_uio_no/_layouts/15/guestaccess.aspx?guestaccesstoken=Z%2fWMGlJONTM7rbiNV2WYaUCh7Q17Ctr9A26WLH6XiN8%3d&docid=0310118f1c8a141e7a651853fa42a7e58&expiration=28.06.2016+18%3a48%3a32 Download lecture 2]
-* Video Podcast: [mms://lux.unik.no/UNIK4750-GK/2016/UNIK-20160128.wmv Lecture 2]
-Feb - L3: Security in IoT ''G'' - Paper selection - Handouts [[Media:UNIK4750-L3-Security_IoT.pdf]]
-* '''[[UNIK4750/List of papers]]''', [[Search_for_literature|Guide on how to search for Literature]]
-* [[Media:Devcon_conference_2015_Security.pdf|Devon conference paper (.pdf)]]
-* ''no lecture notes''
-* Video Podcast: [mms://lux.unik.no/UNIK4750-GK/2016/UNIK-20160204.wmv mms://lux.unik.no/UNIK4750-GK/2016/UNIK-20160204.wmv]
-Feb - L4: Smart Grid, Automatic Meter Readings (AMR) ''G'' -  Handouts [[Media:UNIK4750-L4-Automatic_Meter_Readings.pdf]]
-* Video Podcast: [mms://lux.unik.no/UNIK4750-GK/2016/UNIK-20160211.wmv mms://lux.unik.no/UNIK4750-GK/2016/UNIK-20160211.wmv]
-Feb - L5: Service implications on functional requirements ''G,(J)'' - Handouts [[Media:UNIK4750-L5-Service_Implications.pdf]]
-* Podcast (Audio): [https://uio-my.sharepoint.com/personal/mehdin_uio_no/_layouts/15/guestaccess.aspx?guestaccesstoken=v2K9iEQDddVFbKV9sQmWb8b6PSrY6mpsc6RU%2brY1yzk%3d&docid=0110eb3eb05834350b07b58675af50153 Download lecture 5]
-* Video Podcast:  [mms://lux.unik.no/UNIK4750-GK/2016/UNIK-20160218.wmv mms://lux.unik.no/2016/UNIK4750-GK/UNIK-20160218.wmv] <!--- Obs! The link is not active yet, please contact '''<code>studieinfo@unik.no</code>'''. --> Unfortunately due to technical problems the first half of the lecture is not recorded but you can use [https://uio-my.sharepoint.com/personal/mehdin_uio_no/_layouts/15/guestaccess.aspx?guestaccesstoken=v2K9iEQDddVFbKV9sQmWb8b6PSrY6mpsc6RU%2brY1yzk%3d&docid=0110eb3eb05834350b07b58675af50153 this link] to download an audio file which covers the whole lecture.
-<!-- ** Video Podcast: [mms://lux.unik.no/UNIK4750-GK/2016/UNIK-20160218.wmv mms://lux.unik.no/UNIK4750-GK/2016/UNIK-20160218.wmv] Obs! The link is not active yet, please contact '''<code>studieinfo@unik.no</code>''' -->
-Mar - L6: Technology mapping ''G,(J)'' - Handouts [[Media:UNIK4750-L6-Technology_mapping.pdf]],
-* Video Podcast: [mms://lux.unik.no/UNIK4750-GK/2016/UNIK-20160303.wmv mms://lux.unik.no/UNIK4750-GK/2016/UNIK-20160303.wmv]
-* Paper: [http://www2.emersonprocess.com/siteadmincenter/PM%20Articles/InTech_MayJune2014_TopTenDiff.pdf 10 differences between ICS and IT systems]
-* Paper: [https://www.odva.org/Portals/0/Library/Conference/2015_ODVA_Conference_Woods_Practical-applications-of-Lightweight-Block%20Ciphers-FINAL-PPT.pdf Practical applications of Lightweight Block Ciphers to Secure EtherNet/IP Networks]
-* Video Podcast: [mms://lux.unik.no/UNIK4750-GK/2016/UNIK-20160303.wmv mms://lux.unik.no/UNIK4750-GK/2016/UNIK-20160303.wmv]
-Mar - L7: [[UNIK4750 Paper analysis]] with 15-20 min presentation, [[UNIK4750/List_of_papers#Evaluation_criteria|evaluation criteria]]
-Mar - L8: Security Semantics ''J'' - Handouts [[Media:UNIK4750-L8-Security_Semantics.pdf]]
-* Lecture Notes [[Media:UNIK4750-L8-LectureNotes.pdf]]
-* Video Podcast: mms://lux.unik.no/UNIK4750-GK/2016/UNIK-20160317.wmv
-Mar - L9: Logical binding - industrial example ''J, Guest lecturer: [[Mushfiq_Chowdhury | Mushfiq Chowdhury]]''  - Handouts:  [[Media:UNIK4750-L9-handouts.pdf]]
-<!--- <span style="color:#ff0000">'''NB! Lecture will be held at room 308. IP for streaming is : 193.156.97.17 </span> --->
-* [[Media:20160331-L9-Lecture_notes.pdf]] Lecture notes
-* Video Podcast: mms://lux.unik.no/UNIK4750-GK/2016/UNIK-20160331.wmv
-* [[Media:2016031-Project-Ideas.pdf]] - <span style="color:#ff0000">'''Information on your Project'''</span>
-Apr - L10: Multi-Metrics Method for measurable Security ''J'' - Handouts [[Media:UNIK4750-L10-Multi-Metrics.pdf]],
-* last slides from Security Semantics:  [[Media:UNIK4750-L8-Security_Semantics.pdf]]
-* Paper describing the approach: [https://www.researchgate.net/profile/Josef_Noll/publication/276839651_Multi-Metrics_Approach_for_Security_Privacy_and_Dependability_in_Embedded_Systems/links/55c48f4608aebc967df2c8b6.pdf Multi Metrics Approach for Embedded Systems (.pdf on Research Gate)]
-* [[Media:20160407-L10-Lecture_notes.pdf]] Lecture notes
-* Video Podcast: mms://lux.unik.no/UNIK4750-GK/2016/UNIK-20160407.wmv
-Apr - L11: Multi-Metrics Weighting of an AMR sub-system ''J'' - Handouts L11 [[Media:UNIK4750-L11-AMR-weight.pdf]]
-* Paper describing the approach: [https://www.researchgate.net/publication/278505586_Measurable_Security_Privacy_and_Dependability_in_Smart_Grids Multi Metrics Approach for Smart Grids]
-* [[Media:20160414-L11-Lecture_notes.pdf]] Lecture notes
-* Video Podcast: mms://lux.unik.no/UNIK4750-GK/2016/UNIK-20160414.wmv
-Apr - L12: System Security and Privacy analysis ''J'' - Handouts L12 [[Media:UNIK4750-L12-Security-Privacy_classes.pdf]]
-* [[Media:20160421-L12-Lecture_notes.pdf]] Lecture notes
-* Video Podcast: mms://lux.unik.no/UNIK4750-GK/2016/UNIK-20160421.wmv
-Apr - L13: Intrusion-detection in industrial environments - ''G'' - Handouts L13 [[Media:UNIK4750-L13-Intrusion_detection.pdf]]
-* Video Podcast: mms://lux.unik.no/UNIK4750-GK/2016/UNIK-20160428.wmv
-May - L14: Real world examples - IoTSec infrastructure ''J'' - - Handouts L14 [[Media:UNIK4750-L14-IoTSec_infrastructure.pdf]]
-* [[Media:20160421-L14-IoTSec_infrastructure.pdf]] Lecture notes
-* Video Podcast: mms://lux.unik.no/UNIK4750-GK/2016/UNIK-20160512.wmv
-May - L15: Real world IoT service evaluation; '''[[UNIK4750 Group Work|UNIK4750 presentation of your Group Work - (suggestions and criteria)]]'''
-* Video Podcast: mms://lux.unik.no/UNIK4750-GK/2016/UNIK-20160519.wmv
-May - ''time for exam preparation (no lecture)''
-Thursday '''2Jun''' or Wednesday '''8Jun''' - Exam  ''G,J''
-= Introduction into Internet of Things (IoT) =
-This first part will provide the introduction into the Internet of Things (''Lecture 1 - L2''), with industrial examples
-* Smart Grid and automatic meter system (AMS)
-* Smart Homes with sensors
-* Wireless System upgrade of cars
-The part will further address potential security threats (''L3''), here given for the future smart grid.
-[[File:SmartGrid_future.png|550px]]
-When the future Smart Grid consists of Prosumers (''Consumers, who might also be Producers'') with different energy sources, the grid will become more unstable. We will use an example of an automatic meter reading (AMR) and -system (AMS) in ''L4'' to address the security and privacy challenges.
-The final part of this first block is addressed through lectures ''L5'' and ''L6'', and will create the mapping from functional requirements towards mapping into technology. Examples of such mapping are the translation of privacy requirements - ''can somebody see from my meter reading if I'm at home'' - towards technology parameters like ''how often are values read and published''.
-== Machine-readable Descriptions ==
-The next block deals with the machine-readable description of security and privacy, security functionality and system of systems through ontologies.
-* Establish system description examples of systems,
-* Describing Security and Security Functionality in a semantic way
 == Application-driven security goals ==
@@ Line 376: / Line 181: @@
 * Analyze application goal versus system security and suggest improvements
-= Lecture overview with keywords =
+[[Category:TEK5530]]
-''this section is automatically filled in based on the information on this MediaWiki'' <br/>
-{{#ask: [[Category:UNIK4750]][[Date::+]]
-| ?Date
-| ?Keywords
-| sort=Date
-| order=desc
-| format=ul
-}}
-[[Category:UNIK4750]]