UNIK4750

=Info - 2018=


 * This course is a combined masters and Phd course (UNIK9750), in 2018 all the lectures will be presented by Gyorgy Kalman.
 * The course takes place on Thursdays, 0900-1600ish at ITS (UNIK) in Kjeller. This year double lectures will be given, so that we are using the day efficiently, and everybody is requested to take the tour to Kjeller. Video conferencing is available. Double lectures allows us to have the exam early in the semester so that the students can focus on their other duties in the exam period. A recording of all lectures will be provided and in addition personal follow-up is offered for students, who cannot attend some of the lectures.
 * We'll have video streaming: mms://lux.unik.no/401
 * Evaluation is based on a presentation of topics and the implementation of your scenario.

Please see the description from 2016: UNIK4750 presentation of your Group Work - (suggestions and criteria) For this year, I recommend you to form 4 (3-5) person groups. I'm open for any suggestion in selecting the IT infrastructure you would like to analyse. There are not that many groups this year, so you are allowed to use longer time for your presentation.
 * Group work

Examples: and so on. A good (A) delivery from last year: [[Media:good_example_group_work.pdf]]
 * AMS
 * Smart home, home automation
 * Implications of GDPR on a specific IoT system
 * GDPR on medical IoT
 * smart car, vehicle-to-vehicle communication, autopilot
 * train control from timetables on tablet to predicting power consumption to order power supply for next month
 * ship control, from predictive maintenance to offering cloud storage for pictures taken on the cruise

It should be composed from several "traditional" IT systems interconnected with some communication solution with one end being quite far from the other one. This is to enable you to decompose it to systems of systems relatively easily. Again, no single right answer, I would like to see your way of thinking.

=Lectures in UNIK4750 - 2018 = 18Jan - L1: Introduction - Handouts [[Media:UNIK4750-L1_Introduction 2018-01-18.pdf]]
 * Video:
 * Tesla battery with high earnings when balancing the Australian grid

25Jan - L2: Internet of Things - Handouts [[Media:UNIK4750-L2-Internet_of_Things-2018.pdf]]
 * Paper used for the group work on the lecture:
 * Video introduction: IBM introduction to IoT, TED talk of John Barrett Introduction to Amazon AWS IoT
 * Video :

25Jan - L3: Security of the Internet of Things - Handouts [[Media:UNIK4750-L3_Security in the Internet of Things - 2018.pdf]]
 * Video:
 * UNIK4750/List of papers - 2018, Guide on how to search for Literature
 * Advantech Internet Gateway Vulnerability
 * ICS-CERT alerts
 * OWASP IoT Project
 * Data leakage from fitness tracker app reveals base locations

01Feb - No lecture because of sickness

08Feb - L4: Smart grid and Automatic Meter Readings - Handouts [[Media:UNIK4750-L4_Smart Grid and AMS - 2018.pdf]]
 * Video :

08Feb - L5: Service Implications on Functional Requirements - Handouts [[Media:UNIK4750-L5_Service implications on functional requirements - 2018.pdf]]
 * Video:

15Feb - L6: Technology Mapping - Handouts [[Media:UNIK4750-L6_Technology_mapping_2018.pdf]]
 * Video :

15Feb - L7: Security semantics - Handouts [[Media:UNIK4750-L7_security_semantics_2018.pdf]]
 * Video (2017):
 * Video (full semantics coverage, 2016 by Josef Noll):
 * Bonus short lecture: [[Media:Communication_and_security_in_automation-2018.pdf]]

8Mar - L10: Multi-Metrics method for measurable security and privacy- Handouts [[Media:UNIK4750-L10_Multi-Metrics.pdf]], including discussion of privacy scenarios
 * for analysis, see: # I. Garitano, S. Fayyad, J. Noll, «[[Media:Multi_Metrics_Smart_Vehicle.pdf|Multi-Metrics Approach for Security, Privacy and Dependability in Embedded Systems]]», Wireless Pers. Commun. 81, pp1359-1376 (2015)
 * L11: System Security and Privacy analysis, weighting of components and sub-systems - Handouts [[Media:UNIK4750-L11_System_Security_Privacy.pdf]]
 * Paper describing the smart grid security and privacy analysis is available from Multi-Metrics_approach, or directly as: J. Noll, I. Garitano, S. Fayyad, E. Åsberg, H. Abie, «Measurable Security, Privacy and Dependability in Smart Grids», Journal of Cyber Security, 3_4, (2015) -> http://riverpublishers.com/journal/journal_articles/RP_Journal_2245-1439_342.pdf
 * Notes from Whiteboard: [[Media:201803_UNIK4750_L10-L11.pdf]]
 * Video:

15Mar - L13 Guest lecture by Mohammad Chowdhury from ABB, [[Media:Securing_Industrial_Automation_and_Control_Systems.pdf]] L14 - System Security and Privacy [[Media:L14_System_security_privacy.pdf]]
 * Video:
 * Video:

22Mar - L17 Intrusion Detection Systems and Cloud Security [[Media:L17_IDS_and_Cloud.pdf]] L18 - Wrap-up [[Media:L18_Wrap_up.pdf]]
 * Video:
 * Video:

Exam questions (minor update from 2017):  [[Media:Questions_UNIK4750_2018_students.pdf]]

read more IoTSec:Security_and_Privacy_Functionality

= Introduction into Internet of Things (IoT) = This first part will provide the introduction into the Internet of Things (Lecture 1 - 2), with industrial examples
 * Smart Grid and automatic meter system (AMS)
 * Smart Homes with sensors
 * Autonomous cars
 * Cloud technologies

The part will further address potential security threats (L3), through the example of the smart grid. The challenges related to attack surface, legal aspects and relation to office IT security will be presented.



The distributed nature of the future (smart) electric grid has its operational, financial, technological and social aspects. In the course we will try to cover all the aspects, with focus on the technological - more precisely: on the communication and security challenges. We expect from the operational viewpont the grid to get more unstable if no compensatory action is done to be the counterweight of renewables and consumers becoming dual role consumer/producers. We will use an example of an automatic meter reading (AMR) and -system (AMS) in L4 to address the security and privacy challenges.

The final part of this first block is addressed through lectures L5 and L6, and will create the mapping from functional requirements towards mapping into technology. Examples of such mapping are the translation of privacy requirements - can somebody see from my meter reading if I'm at home - towards technology parameters like how often are values read and published.

Machine-readable Descriptions
The next block deals with the machine-readable description of security and privacy, security functionality and system of systems through ontologies.
 * Establish system description examples of systems,
 * Describing Security and Security Functionality in a semantic way

Application-driven security goals
This block will develop the security goals resulting from applications.
 * From industrial examples, establish the functional requirements. Example: switch-off time of power circuits less than 10 ms
 * From the functional requirements, select the security and privacy relations
 * Establish application-driven security goals as well as the semantics of your system

Perform Multi-Metrics Analysis
This last block will analyse industrial examples based on the multi-metrics analysis.
 * Generate matrices to describe the security impact of components and sub-systems, and perform a multi-metrics analysis to establish the system security
 * Analyze application goal versus system security and suggest improvements

=Info - 2017=
 * This course is a combined masters and Phd course (UNIK9750), in 2017 all the lectures will be presented by Gyorgy Kalman.
 * The course takes place on Thursdays, 0900-1600ish at ITS (UNIK) in Kjeller. This year double lectures will be given, so that we are using the day efficiently, and everybody is requested to take the tour to Kjeller. Video conferencing is still available.
 * We'll have video streaming: mms://lux.unik.no/401
 * Evaluation is based on a presentation of topics and the implementation of your scenario.

=Lectures in UNIK4750 - 2017 = 19Jan - L1: Introduction - Handouts [[Media:UNIK4750-L1-Introduction-2017.pdf]]
 * Video:

26Jan - L2: Internet of Things - Handouts [[Media:UNIK4750-L2-Internet_of_Things-2017.pdf]]
 * Video introduction: IBM introduction to IoT, TED talk of John Barrett
 * Link to IoT paper referenced on the lecture slide: L. Atzori et al., The Internet of Things: A survey
 * Video :

02Feb - L3: Security of the Internet of Things - Handouts [[Media:UNIK4750-L3_Security in the Internet of Things - 2017.pdf]]
 * Video:
 * UNIK4750/List of papers - 2017, Guide on how to search for Literature
 * Advantech Internet Gateway Vulnerability
 * ICS-CERT alerts
 * OWASP IoT Project

09Feb - L4: Smart Grid, Automatic Meter Readings (AMR) - Handouts [[Media:UNIK4750-L4-Automatic_Meter_Readings-2017_examples.pdf]]
 * Relevant presentation: On Smart Cities, Smart Energy, And Dumb Security
 * Presentation about StatNett [[Media:Program FoU konferansen 2015.pdf]]

09Feb - L5: Service implications on functional requirements - Handouts [[Media:UNIK4750-L5-Service_Implications-2017.pdf]]
 * Video:
 * One of my previous lectures on realtionship between security and safety: [[Media:Security_and_safety.pdf]]
 * The Rocky Relationship Between Safety and Security by ABB

16Feb - L6: Technology Mapping - Handouts [[Media:UNIK4750-L6-Technology_mapping-2017.pdf]]
 * Video:

16Feb - L7: Security Semantics - Handouts [[Media:UNIK4750-L7-Security_semantics-2017.pdf]]
 * Video:
 * For full semantics coverage please see Josef's lecture from 17th March 2016
 * Bonus short lecture: [[Media:Communication_and_security_in_automation.pdf]]

23Feb - Vinterferie

02March - L8-9 Paper presentations 1
 * Video:

09March - L10-11 Paper presentations 2
 * Video:

16March - L12: Multi-Metrics method for measurable security - Handouts [[Media:UNIK4750-L12_Multi-Metrics.pdf]]

16March - L13: System Security and Privacy analysis - Handouts [[Media:UNIK4750-L13_System_Security_Privacy.pdf]]
 * Video:

23March - L14: Weighting in Multi-Metrics Method [[Media:UNIK4750-L11_Weighting_AMR.pdf]] - [[Media:UNIK4750-L14_notes.pdf|Lecture Notes L11]]

23March - L15: Real-world examples (Guest lecture by Mohammad Chowdhury) - [[Media:UNIK4750-Guest-Lecture_ABB_Chowdhury.pdf]]
 * Video:

30March - no lecture

06April - L16: Group work presentation

06April - L17: wrap-up, [[Media:UNIK4750-L17 Wrap Up.pdf]] [[Media:Questions_UNIK4750_2017_students.pdf]]
 * Video:

13April - Easter holiday

20April - Exam

=Info - 2016=
 * This course is a Master course. Please visit UNIK9750 for the PhD version of the course.
 * The course takes place on Thursdays, 0900-1200h at UNIK. A video communication is available to Ifi, Room Scheme@Ifi.UiO.no (room 1251), see check: Video_conference
 * We'll have video streaming: mms://lux.unik.no/401
 * Evaluation is based on a presentation of topics and the implementation of your scenario.

=Lectures in UNIK4750 - 2016 = 21Jan - L1: Introduction G,J - Handouts [[Media:UNIK4750-L1-Introduction.pdf]]
 * Lecture Notes [[Media:UNIK4750-L1-LectureNotes.pdf]]
 * Podcast (Audio): Download lecture 1
 * Video Podcast: [mms://lux.unik.no/UNIK4750-GK/2016/UNIK-20160121.wmv Lecture 1] NB! If you are using Mac and have problem playing the video please first disable your firewall!

28Jan - L2: Internet of Things J - Handouts [[Media:UNIK4750-L2-Internet_of_Things.pdf]]
 * Video introduction: IBM introduction to IoT, TED talk of John Barrett
 * Internet of Things Paper (.pdf)
 * Lecture Notes [[Media:UNIK4750-L2-LectureNotes.pdf]]
 * Podcast (Audio - first 30 minutes): Download lecture 2
 * Video Podcast: [mms://lux.unik.no/UNIK4750-GK/2016/UNIK-20160128.wmv Lecture 2]

4Feb - L3: Security in IoT G - Paper selection - Handouts [[Media:UNIK4750-L3-Security_IoT.pdf]]
 * UNIK4750/List of papers, Guide on how to search for Literature
 * [[Media:Devcon_conference_2015_Security.pdf|Devon conference paper (.pdf)]]
 * no lecture notes
 * Video Podcast: [mms://lux.unik.no/UNIK4750-GK/2016/UNIK-20160204.wmv mms://lux.unik.no/UNIK4750-GK/2016/UNIK-20160204.wmv]

11Feb - L4: Smart Grid, Automatic Meter Readings (AMR) G - Handouts [[Media:UNIK4750-L4-Automatic_Meter_Readings.pdf]]
 * Video Podcast: [mms://lux.unik.no/UNIK4750-GK/2016/UNIK-20160211.wmv mms://lux.unik.no/UNIK4750-GK/2016/UNIK-20160211.wmv]

18Feb - L5: Service implications on functional requirements G,(J) - Handouts [[Media:UNIK4750-L5-Service_Implications.pdf]]
 * Podcast (Audio): Download lecture 5
 * Video Podcast: [mms://lux.unik.no/UNIK4750-GK/2016/UNIK-20160218.wmv mms://lux.unik.no/2016/UNIK4750-GK/UNIK-20160218.wmv]  Unfortunately due to technical problems the first half of the lecture is not recorded but you can use this link to download an audio file which covers the whole lecture.

3Mar - L6: Technology mapping G,(J) - Handouts [[Media:UNIK4750-L6-Technology_mapping.pdf]],
 * Video Podcast: [mms://lux.unik.no/UNIK4750-GK/2016/UNIK-20160303.wmv mms://lux.unik.no/UNIK4750-GK/2016/UNIK-20160303.wmv]
 * Paper: 10 differences between ICS and IT systems
 * Paper: Practical applications of Lightweight Block Ciphers to Secure EtherNet/IP Networks
 * Video Podcast: [mms://lux.unik.no/UNIK4750-GK/2016/UNIK-20160303.wmv mms://lux.unik.no/UNIK4750-GK/2016/UNIK-20160303.wmv]

10Mar - L7: UNIK4750 Paper analysis with 15-20 min presentation, evaluation criteria

17Mar - L8: Security Semantics J - Handouts [[Media:UNIK4750-L8-Security_Semantics.pdf]]
 * Lecture Notes [[Media:UNIK4750-L8-LectureNotes.pdf]]
 * Video Podcast: mms://lux.unik.no/UNIK4750-GK/2016/UNIK-20160317.wmv

31Mar - L9: Logical binding - industrial example J, Guest lecturer: Mushfiq Chowdhury  - Handouts:  [[Media:UNIK4750-L9-handouts.pdf]]


 * [[Media:20160331-L9-Lecture_notes.pdf]] Lecture notes
 * Video Podcast: mms://lux.unik.no/UNIK4750-GK/2016/UNIK-20160331.wmv
 * [[Media:2016031-Project-Ideas.pdf]] - Information on your Project

7Apr - L10: Multi-Metrics Method for measurable Security J - Handouts [[Media:UNIK4750-L10-Multi-Metrics.pdf]],
 * last slides from Security Semantics: [[Media:UNIK4750-L8-Security_Semantics.pdf]]
 * Paper describing the approach: Multi Metrics Approach for Embedded Systems (.pdf on Research Gate)
 * [[Media:20160407-L10-Lecture_notes.pdf]] Lecture notes
 * Video Podcast: mms://lux.unik.no/UNIK4750-GK/2016/UNIK-20160407.wmv

14Apr - L11: Multi-Metrics Weighting of an AMR sub-system J - Handouts L11 [[Media:UNIK4750-L11-AMR-weight.pdf]]
 * Paper describing the approach: Multi Metrics Approach for Smart Grids
 * [[Media:20160414-L11-Lecture_notes.pdf]] Lecture notes
 * Video Podcast: mms://lux.unik.no/UNIK4750-GK/2016/UNIK-20160414.wmv

21Apr - L12: System Security and Privacy analysis J - Handouts L12 [[Media:UNIK4750-L12-Security-Privacy_classes.pdf]]
 * [[Media:20160421-L12-Lecture_notes.pdf]] Lecture notes
 * Video Podcast: mms://lux.unik.no/UNIK4750-GK/2016/UNIK-20160421.wmv

28Apr - L13: Intrusion-detection in industrial environments - G - Handouts L13 [[Media:UNIK4750-L13-Intrusion_detection.pdf]]
 * Video Podcast: mms://lux.unik.no/UNIK4750-GK/2016/UNIK-20160428.wmv

12May - L14: Real world examples - IoTSec infrastructure J - - Handouts L14 [[Media:UNIK4750-L14-IoTSec_infrastructure.pdf]]
 * [[Media:20160421-L14-IoTSec_infrastructure.pdf]] Lecture notes
 * Video Podcast: mms://lux.unik.no/UNIK4750-GK/2016/UNIK-20160512.wmv

19May - L15: Real world IoT service evaluation; UNIK4750 presentation of your Group Work - (suggestions and criteria)
 * Video Podcast: mms://lux.unik.no/UNIK4750-GK/2016/UNIK-20160519.wmv

26May - time for exam preparation (no lecture)

Thursday 2Jun or Wednesday 8Jun - Exam G,J

= Introduction into Internet of Things (IoT) = This first part will provide the introduction into the Internet of Things (Lecture 1 - L2), with industrial examples
 * Smart Grid and automatic meter system (AMS)
 * Smart Homes with sensors
 * Wireless System upgrade of cars

The part will further address potential security threats (L3), here given for the future smart grid.



When the future Smart Grid consists of Prosumers (Consumers, who might also be Producers) with different energy sources, the grid will become more unstable. We will use an example of an automatic meter reading (AMR) and -system (AMS) in L4 to address the security and privacy challenges.

The final part of this first block is addressed through lectures L5 and L6, and will create the mapping from functional requirements towards mapping into technology. Examples of such mapping are the translation of privacy requirements - can somebody see from my meter reading if I'm at home - towards technology parameters like how often are values read and published.

Machine-readable Descriptions
The next block deals with the machine-readable description of security and privacy, security functionality and system of systems through ontologies.
 * Establish system description examples of systems,
 * Describing Security and Security Functionality in a semantic way

Application-driven security goals
This block will develop the security goals resulting from applications.
 * From industrial examples, establish the functional requirements. Example: switch-off time of power circuits less than 10 ms
 * From the functional requirements, select the security and privacy relations
 * Establish application-driven security goals as well as the semantics of your system

Perform Multi-Metrics Analysis
This last block will analyse industrial examples based on the multi-metrics analysis.
 * Generate matrices to describe the security impact of components and sub-systems, and perform a multi-metrics analysis to establish the system security
 * Analyze application goal versus system security and suggest improvements

= Lecture overview with keywords = this section is automatically filled in based on the information on this MediaWiki