Data security

In the emerging computing era, traditional security mechanisms such as the firewall, antivirus, and file encryption, are becoming more and more inadequate for protecting the sensitive data, from the perspective of either an individual or an organization. In many application scenarios, users need to outsource their data to third-party partners, and are therefore involuntarily forced to trust their partners to protect their data.

The research of data security aims at investigating new mechanisms, such as new algorithms and protocols, for securing private data in the new computing era. Unlike traditional approaches, our mechanisms will be data-centric and enable data owners to directly specify and enforce their own privacy policies. The specific topics of interest include (but are not limited to) search on encrypted data, proxy re-encryption, and other forms of privacy-preserving operations on sensitive data.

Selected recent publications on Data security

Bösch, C.T. and Tang, Qiang and Hartel, P.H. and Jonker, W. (2012) Selective Document Retrieval from Encrypted Database. In: 15th International Conference on Information Security (ISC), 19-21 Sep 2012, Passau, Germany. pp. 224-241. Lecture Notes in Computer Science 7483. Springer Verlag. ISBN 978-3-642-33383-5

Jeckmans, A.J.P. and Tang, Qiang and Hartel, P.H. (2012) Privacy-Preserving Collaborative Filtering based on Horizontally Partitioned Dataset. In: International Conference on Collaboration Technologies and Systems (CTS 2012), 21-25 May 2012, Denver, CO, USA. pp. 439-446. IEEE Computer Society. ISBN 978-1-4673-1381-0

Sedghi, S. (2012) Towards Provably Secure Efficiently Searchable Encryption. PhD thesis, University of Twente. CTIT Ph.D.-thesis series No. 12-219 ISBN 978-90-365-3333-1

Ibraimi, L. (2011) Cryptographically Enforced Distributed Data Access Control. PhD thesis, University of Twente. CTIT Ph.D.-thesis series No. 11-208 ISBN 978-90-365-3228-0

Buhan, I.R. and Doumen, J.M. and Hartel, P.H. and Tang, Qiang and Veldhuis, R.N.J. (2010) Embedding Renewable Cryptographic Keys into Noisy Data. International Journal of Information Security, 9 (3). pp. 193-208. ISSN 1615-5262 *** ISI Impact 0,48 ***

Network security

The DIES group looks at novel approaches to ensure the security and privacy of communication processes in wired and wireless networks.

One aspect is work on reactive security mechanisms like next-generation Intrusion Detection Systems but also the design of new forms of security and privacy protection mechanisms in future dynamic and ad-hoc networks. Applications in inter-vehicle communications and critical infrastructures IT systems (SCADA) serve to exemplify this work.

DIES is also addressing security and privacy in embedded and resource-constraint communication systems. The results are applied to Wireless Sensor Networks or embedded in-vehicle networks.

Protection of privacy in ubiquitous communication systems is a third concern that DIES is addressing. We achieve this goal by implementing new forms of data sharing that allow hiding of personal data or building remote trust and enforcing privacy policies. We also work on security analysis of communication systems, identification of new vulnerabilities, and their mitigation.

Selected recent publications on Network security

Dietzel, S. and Petit, J.Y. and Heijenk, G.J. and Kargl, F. (2013) Graph-based metrics for insider attack detection in VANET multihop data dissemination protocols. IEEE Transactions on Vehicular Technology, 62 (4). pp. 1505-1518. ISSN 0018-9545 *** ISI Impact 2,06 ***

Schaub, F. and Hipp, M. and Kargl, F. and Weber, M. (2013) On Credibility Improvements for Automotive Navigation Systems. Journal of Personal and Ubiquitous Computing, 17 (5). pp. 803-813. ISSN 1617-4909 *** ISI Impact 1,13 ***

Dressler, F. and Kargl, F. (2012) Towards security in nano-communication: Challenges and opportunities. Nano Communication Networks, 3 (3). pp. 151-160. ISSN 1878-7789

Hadžiosmanović, D. and Bolzoni, D. and Hartel, P.H. (2012) A Log Mining Approach for Process Monitoring in SCADA. International Journal of Information Security, 11 (4). pp. 231-251. ISSN 1615-5262 *** ISI Impact 0,48 ***

Hadžiosmanović, D. and Simionato, L. and Bolzoni, D. and Zambon, Emmanuele and Etalle, S. (2012) N-gram Against the Machine: On the Feasibility of the N-gram Network Analysis for Binary Protocols. In: Proceedings of the 15th International Symposium on Research in Attacks, Intrusions and Defenses (RAID 2012), 12-14 Sep 2012, Amsterdam, The Netherlands. pp. 354-373. Lecture Notes in Computer Science 7462. Springer Verlag. ISSN 0302-9743 ISBN 978-3-642-33337-8

Cyber security

The old saying "opportunity makes the thief" applies to the physical as well as the digital world. In the physical world, crime rates can be reduced by changing the opportunity structure. For example the introduction of steering column locks dramatically reduced car theft. The scientific discipline of crime science investigates this opportunity structure of crime. We apply the same idea to the digital world, designing and evaluating effective prevention mechanisms and policies against popular forms of cyber crime. In particular, this part of our research focuses on measuring scientifically the effectiveness of adaptations in the digital world that aim at reducing cyber crime. We aim to prove, for example, that a new cryptographic protocol is more effective at preventing Internet banking fraud than the old protocol.

Measuring cyber crime opportunities is closely related to information risk management. Risk management consists of identifying, assessing, and prioritizing risks to the security of information and information systems. This is followed by the coordinated application of resources to minimize, monitor, and control the probability and/or impact of security events. We develop and test (by means of case studies) new model-based techniques specifically tailored for the assessment and control of risks to specific information security properties, such as confidentiality, integrity and availability (CIA). These techniques deliver more precise results than traditional ad-hoc approaches. Our techniques can be used in combination with standard risk assessment methodologies.

Both in prioritizing risks and in controlling them, results from crime science can be applied. We combine cyber crime science and risk management to enable effective cyber crime prevention. This is a multidisciplinary field, and we work together with for example governance studies and philosophy to achieve our goals.

Selected recent publications on Cyber security

Montoya Morales, A.L. and Junger, M. and Hartel, P.H. (2013) How 'Digital' is Traditional Crime? In: European Intelligence and Security Informatics Conference, EISIC 2013, 12-14 Aug 2013, Uppsala, Sweden. pp. 31-37. IEEE Computer Society. ISBN 978-0-7695-5062-6

Pieters, W. and Dimkov, T. and Pavlovic, D. (2013) Security Policy Alignment: A Formal Approach. IEEE Systems Journal, 7 (2). pp. 275-287. ISSN 1932-8184 *** ISI Impact 1,27 ***

Dimkov, T. (2012) Alignment of Organizational Security Policies -- Theory and Practice. PhD thesis, University of Twente. CTIT Ph.D.-thesis series No. 12-218 ISBN 978-90-365-3331-7

Zambon, Emmanuele and Etalle, S. and Wieringa, R.J. (2012) A2thOS: availability analysis and optimisation in SLAs International Journal of Network Management, 22 (2). pp. 104-130. ISSN 1055-7148 *** ISI Impact 0,51 ***

Jafarian, J.H. and Abbasi, A. and Safaei Sheikhabadi, S. (2011) A gray-box DPDA-based intrusion detection technique using system-call monitoring. In: Proceedings of the 8th Annual Collaboration, Electronic messaging, Anti-Abuse and Spam Conference, 01-02 Sep 2011, Perth, Australia. pp. 1-12. ACM. ISBN 978-1-4503-0788-8

Zambon, Emmanuele and Etalle, S. and Wieringa, R.J. and Hartel, P.H. (2011) Model-based Qualitative Risk Assessment for Availability of IT Infrastructures. Software and Systems Modeling, 10 (4). pp. 553-580. ISSN 1619-1366 *** ISI Impact 1,25 ***