Cyber Security Network of Competence Centres for Europe
CyberSec4Europe (a Horizon 2020 project) is a research-based consortium with 44 participants covering 21 EU Member States and Associated Countries. As pilot for a Cybersecurity Competence Network, it will test and demonstrate potential governance structures for the network of competence centres using the best practices examples from the expertise and experience of the participants, including concepts like CERN. CyberSec4Europe will support addressing key EU Directives and Regulations, such as GDPR, PSD2, eIDAS, and ePrivacy, and help to implement the EU Cybersecurity Act including, but not limited to supporting the development of the European skills-base, the certification framework and ENISA’s role. The 26 ECSO participants in CyberSec4Europe are active in all 6 ECSO Working Groups, including chairing many subgroups in cybersecurity certification, vertical sectors, and international cooperation, as well as having representatives on the ECSO Board of Directors and the Cybersecurity Public-Private Partnership Board.
CyberSec4Europe participants address 14 key cybersecurity domain areas, 11 technology/applications elements and nine crucial vertical sectors. With over 100 cybersecurity projects, CyberSec4Europe participants have been addressing a comprehensive set of issues across the cybersecurity domain. The project demonstration cases will address cybersecurity challenges within the vertical sectors of digital infrastructure, finance, government and smart cities, health and medicine and transportation. In addition to the demonstration of the governance structure and the operation of the network, CyberSec4Europe will develop a roadmap and recommendations for the implementation of the Network of Competence Centres using the practical experience gained in the project.
Project website: https://www.cybersec4europe.eu
Project start date: 01.02.2019
Project end date: 31.07.2022
The main goal of DataBio is to show the benefits of Big Data technologies in the raw material production for the bioeconomy industry through several objectives: building a versatile DataBio platform, ensuring efficient utilisation of existing data sets, ensuring wide-spread use of DataBio platform technologies in agriculture, forestry and fishery sectors, opening the possibilities for European ICT and Earth Observation (EO) companies to participate in the global BigData market and to ensure interoperability and easy setup of new multivendor applications utilising the DataBio platform.
The main role for Cybernetica is to demonstrate how the use of interoperability, which today is perceived mainly as the enabler for e-Government services, can also be implemented in other domains. We have implemented our UXP technology to build interoperability ecosystems in several countries, to facilitate efficiency and transparency within the government. DataBio allows us to demonstrate that utilising the same principles in agriculture, forestry and fishery sectors to enable data-driven decisionmaking, dramatically increases productivity and has measurable impact to both the economy and the environment.
DataBio project is funded under the Horizon 2020, the EU Framework Programme for Research and Innovation.
Visit the project website https://www.databio.eu/en/
Start date: 01.01.2017 End date: 31.12.2019
Competence Centre project EU48693
Cybernetica AS is engaged in this subprojects Smart environment system instrumentation through two main tasks over a period of seven years, funded by the European Regional Development Fund with 60 000 euros annually.
The first main task is to develop a radio surveillance platform based on software defined radio (SDR) technology the outcome of which is a wideband SDR (SDR – software defined radio) surveillance test device which can automatically monitor and analyze radio activity in a certain region (e.g. in border proximity).
The second main task is to develop an adaptive radio network aimed at rural applications the outcome of which is an operational adaptive radio network demonstrator.
Project EU48693 is funded under the European Union European Regional Development Fund.
Visit the project website https://www.eliko.ee/competence-centre-program/
Centre of Excellence project TAR16013
Estonian Centre of Excellence in ICT Research (EXCITE) brings together the topranked ICT research groups Estonia to work jointly on a focussed, yet broad and extendable, research programme. The consortium will advance foundational theories of model verification and data analysis. On this groundwork, it will develop methods and tools for sound practices of designing and analyzing reliable and secure ICT systems processing large data volumes, as demanded by applications to domains of high socioeconomic relevance (cyberphysical and robotic systems, ehealth and biomedical systems). Project team will start with 10 cooperation themes with clearly defined objectives, methodology and expected results.
Project is funded under the European Union European Regional Development Fund.
Visit the project website https://www.excite.it.ee/
Start date: 1.09.2016 End date: 1.03.2023
Institutional Research Funding project IUT27-1
In this project we continue our work on mutually complementing theoretical and practical aspects of information systems’ security. The main directions of the project are
- Secure Multiparty Computation,
- Structured Risk Assessment of information and related systems,
- Internet voting.
Our work will result in much greater practicality of privacy-preserving computations also in areas where they are currently not considered at all, based on much-improved cryptographic protocols and ways of combining these. It will result in new and better, empirically verified methods for deriving the attack scenarios against, and measuring the security of information systems and designing secure systems on this basis. It will also result in different practical i-voting protocol sets that have formally verified security properties. The properties of each protocol are well-aligned with the expectations of the community that uses it.
Project is funded by Estonian Research Council.
Start date: 01.01.2014 End date: 31.12.2019
Novel tools for Analyzing Privacy LEakageS
A crucial challenge in the development of mission-critical enterprise systems is striking a trade-off between security and privacy assurance on the one hand, and the ability for users to obtain the information they need to achieve the organization’s goals. The NAPLES (Novel tools for Analyzing Privacy LEakageS) project will demonstrate how to seamlessly add security analysis and optimization capabilities on top of Business Process Management tools.
The main outcome will be a tool that takes as input process models with privacy metadata (which it may compute itself), and analyzes these models to detect unintentional disclosures of private data and to quantify the leakage of private information through the outputs of the process. Where privacy leakages are discovered, the tool will identify possible counter-measures. The tool will generate reports that explain to data owners the maximum extent of possible leakage of their private data, making it easier to certify the system as secure and private.
Project is funded by Defense Advanced Research Projects Agency (DARPA).
Start date: 08.10.2015 End date: 08.03.2020
Open Cooperation for European mAritime awareNess
Project’s OCEAN2020 main objective is to support maritime surveillance and interdiction missions at sea. In this regard the project will integrate enhanced air, naval surface and underwater unmanned systems into fleet operations to build up a recognised maritime picture of developing situations for military commanders. The project is run by a consortium led by Leonardo S.p.A, bringing together 42 partners from 15 EU countries. OCEAN2020 will see unmanned platforms of different type (fixed wing, rotary wing, surface and underwater) integrated with naval units’ command and control centres, allowing for data exchange via satellite, with command and control centres on land. The joint and cooperative use of both manned and unmanned vehicles will also be demonstrated as part of the project.
Project is funded by European Defence Fund.
Privacy-Preserving Computation In The Cloud
While reaping financial benefits of cloud computing, organizations hand their data to external parties, cloud service providers, for processing and storage. Instead of losing control in this process, organizations need to meet strict internal and statutory regulations.
The Seventh Framework Programme PRACTICE will mitigate insider threats and stop data leakage for computations in the cloud while maintaining economies of scale.
Creating a secure cloud framework using cryptographic technologies will provide better security and privacy guarantees for all parties in cloud-computing scenarios. Team of Top European experts
The PRACTICE consortium consists of key European experts working towards providing privacy and confidentiality for computations in the cloud. The team includes leading industrial and research companies and respected European universities. The consortium’s reach covers 11 countries and 18 organizations and the full chain from research to end-user service providers in the cloud.
Goals of the PRACTICE project are:
- getting provable guarantees from cloud providers for data confidentiality and integrity;
- computation on encrypted data, preventing even insiders from disclosing secrets or disrupting the service;
- flexible architecture and tools allowing seamless migration to new cloud platforms while gradually adding levels of protection.
The team is well posed to cover the promising fundamental technologies that help to achieve the set goals. In PRACTICE the team will investigate
- Secure Multiparty Computation (MPC),
- Fully Homomorphic Encryption (FHE),
- Domain-Specific Development Tools, and the application of
- Formal Methods to verify relevant properties of resulting systems.
Role of Cybernetica
Cybernetica contributes to PRACTICE our unique expertise in developing tools and applications using secure multiparty computation.
The Sharemind® framework makes secure multiparty computation attainable to developers who are not expert cryptographers. To speed up market adoption, Cybernetica will share our experience of building real-world cloud solutions on Sharemind® with the PRACTICE consortium.
In PRACTICE we will also enhance the developed framework and simplify building services based on secure multiparty computation. We expect that simpler and widely accessible solutions with strong security and privacy guarantees will grow the number of European cloud providers offering them.
Or team will concentrate on building tools for software developers and cloud service providers, so that a wide range of companies would be able to build secure cloud services without Cybernetica’s direct involvement.
Visit the project website https://practice-project.eu/
Project was funded under the European Union Seventh Framework Programme. Project reference: 609611
Start date: 01.11.2013 End date: 31.10.2016
Privacy preserving statistical studies on linked databases
The aim of the research project PRIST is to develop a more secure solution for studies that need linked data from different databases.
In PRIST a register-based study is conducted to compare the process and accuracy of a regular and privacy-preserving study. The aim is to discover relationships between levels of IT education and salary and between working during studies and time required for graduating.
The project is carried out by the following partners:
- Association of Information Technology and Telecommunications ITL as the decision-maker needing answers to the defined research questions,
- Estonian Center for Applied Research CentAR as the analyst and subject area expert,
- Estonian Information System’s Authority RIA, Ministry of Finance, Information Technology Center RMIT and Cybernetica as participants in the secure multiparty computation,
- data is secret-shared by Ministry of Education and Research and Estonian Tax and Customs Board,
- data processing is reviewed by the Estonian Data Protection Inspectorate.
Technology used in PRIST is based on the theory of secure multiparty computation. Secure multiparty computation preserves confidentiality of input data and only designated parties can conduct pre-specified operations with the study data. This helps researchers to respect the natural persons’ fundamental right to the protection of personal data and keep it secret with best contemporary scientific and technological guarantees.
Secure multiparty computation also offers a solution to the data owner’s problem with research where data owner loses control of data processing as soon as data is given out of the organization. With secure multiparty computation the data owner retains control of data and its processing during the whole time when data is used and can revoke this permission when needed.
During the project new privacy-preserving statistical software and research process are developed and tested. Privacy guarantees of the new process is compared with a traditional study that does not use personal data.
In the PRIST study data processing is implemented with the Sharemind® software.
Sharemind® has been developed by Cybernetica in a number of research projects and according to published information is the most complete secure multiparty computation platform existing.
The statistical software of the PRIST project is implemented as a Sharemind® application written in the imperative SecreC programming language. SecreC distinguishes between the public and private data at the data type level. With SecreC the full Sharemind® system is available to software developers without cryptographic expertise.
The project is funded by the European Regional Development Fund through the Implementing Agency Archimedes Foundation from the operational programme for the Development of the Economic Environment, priority axe for Improving the competitiveness of Estonian R&D through the research programmes and modernization of higher education and R&D institution.
The project reference in the register of structural support is 3.2.1201.13-0017.
Software Technology and Applications Competence Centre EU48684
The vision of the Software Technology and Applications Competence Centre (STACC) is to become a leading R&D organisation where companies and public sector agencies can access expertise in (big) data analytics and codevelop visionary technology product. STACC’s main business is providing data analytics and data privacy protection services to help companies to bring highquality services faster to the market. STACC has four strategic development areas: 1) Data Analytics for Software and Systems Optimization, 2) SpatioTemporal Data Analytics, 3) Big Data and Security, and 4) EHealth and Personalised Medicine. STACC strongly contributes to Estonian IT education and enhances research partners’ capacity in the field of data analytics and its applications.
The main objective of the Project is to turn STACC into a leading and economically independent R&D organisation where companies can access expertise in data analytics and codevelop visionary technology products.
Start date: 01.09.2015 End date: 31.12.2022
Project is funded under the European Union European Regional Development Fund (172 125 EUR).
Secure and Resilient Cloud Architecture
Cloud infrastructures, despite all their advantages and importance to the competitiveness of modern economies, raise fundamental questions related to the privacy, integrity, and security of offsite data storage and processing tasks. These questions are currently not answered satisfactorily by existing technologies. Furthermore, recent developments in the wake of the expansive and sometimes unauthorized government access to private and sensitive data raise major privacy and security concerns about data located in the cloud, especially when data is physically located, processed, or must transit outside the legal jurisdiction of its rightful owner. This is exacerbated by providers of cloud services that frequently move and process data without notice in ways that are detrimental to the users and their privacy.
SafeCloud will re-architect cloud infrastructures to ensure that data transmission, storage, and processing can be 1) partitioned in multiple administrative domains that are unlikely to collude, so that sensitive data can be protected by design; 2) entangled with inter-dependencies that make it impossible for any of the domains to tamper with its integrity.
These two principles (partitioning and entanglement) are thus applied holistically across the entire data management stack, from communication to storage and processing. Users will control the choice of non-colluding domains for partitioning and the tradeoffs between entanglement and performance, and thus will have full control over what happens to their data. This will make users less reluctant to manage their personal data online due to privacy concerns and will generate positive business cases for privacy-sensitive online applications such as the distributed cloud infrastructure and medical record storage platform that we address.
Visit the project website http://www.safecloud-project.eu/
Project is funded under the Horizon 2020, the EU Framework Programme for Research and Innovation. Project reference: 653884
Start date: 01.09.2015 End date: 31.08.2018
SUNFISH – SecUre iNFormatIon SHaring in federated heterogeneous private clouds
European Comission has granted financing to the Horison 2020 innovation and cooperation project SUNFISH (“SecUre iNFormatIon SHaring in federated heterogeneous private clouds”, ), where Cybernetica will help Italian and Malta Ministries of Finance and UK Police in developing and deploying information security technologies. Today the European Public Sector Players lack the necessary infrastructure and technology to allow them to integrate their computing clouds. Furthermore, legislative barriers often make it difficult to use available commercial technological solutions. The SUNFISH project aims to provide a specific and new solution to face these issues. SUNFISH will enable the secure federation of private clouds based on the Public Sector needs: federated private clouds belonging to different Public Sector Entities will be able to share data and services transparently, while maintaining required security levels. The SUNFISH project will develop and integrate software enabling secure cloud federation as required by European Public Sector bodies. The project will achieve this by meeting firstly the specific challenges faced by the Maltese and Italian Ministries of Finance, as well as by the UK Regional Cyber Crime Units, the three SUNFISH selected use cases. Solutions will be developed to be usable by other European Public Organisations, and potentially also by private sector players. SUNFISH will improve security in federated “cross-border” clouds, boosting the development of a cloud computing market in sectors where privacy and control of information propagation are essential (e.g., e-government, e-health etc.) while encouraging a better resource utilisation of Public Administration cloud infrastructure. The secure system for federated private clouds developed through the project will guarantee a high level of safety, a continuous monitoring of inter-cloud communications, and the ability to roll out services cheaply, in a fast, flexible and secure way even between different private clouds. The SUNFISH project aims to reduce the management cost of private clouds owned by Public Administrations, and – beyond pure costs savings – to accelerate the transition to 21st century interoperable and scalable public services, boosting enforcement of the European Digital Single Market.
Role of Cybernetica
Cybernetica will be cooperating with universities, governmental, research and consulting organizations from Italy, Austria, United Kingdom, Malta and Israel to develop a federated cloud framework. The key technology’s that will be used are Unified eXchange Platform (UXP, which is empowering the Estonian X-Road framework) and secure multiparty computation software Sharemind. As the result of SUNFISH, cloud computing will be boosted in security and privacy critical sectors like e-government. Also, cross-border cooperation in the European Union will be significantly simpler, safer and more efficient. Cybernetica was invited to participate in SUNFISH due to its critical role in developing the Estonian e-government and having a strong history in ICT research and development.
Visit the project website http://www.sunfishproject.eu/sunfish/the-project/
Project is funded under the Horizon 2020, the EU Framework Programme for Research and Innovation. Project reference: 644666
Start date: 1.01.2015 End date: 31.12.2017
Technology-supported Risk Estimation by Predictive Assessment of Socio-technical Security
Project TREsPASS aimed to develop a smart ‘attack navigator’, which will trace potential weak points within an organization or a given infrastructure. An information infrastructure may be protected by the best technical means possible, but in the end it is often human behavior that leads to unwanted intrusion or to the theft of information. By themselves, technical solutions will not solve these problems. That’s why universities and companies all over Europe are getting involved in the TREsPASS project, which makes specific allowance for the human dimension.
Visit the project website https://www.trespass-project.eu/
Project was funded under the European Union Seventh Framework Programme.
Start date: 01.11.2012 End date: 31.10.2016
Usable and Efficient Secure Multi-party Computation
Project UaESMC researched ways for making secure computation more practical in the real world. We looked for ways of improving the efficiency of society and economy through information sharing that leads to better business decisions and a more trusting society.
Visit the project website http://www.usable-security.eu/
Project was funded under the European Union Seventh Framework Programme.
Start date: 01.02.2012 End date: 30.01.2015
Scientific research in Cybernetica is organized in projects, where the theoretical results are applied in practice. Our scientists work together with engineers in order to implement complex protocols and algorithms in real world applications. Due to such cooperation, several science-fiction grade technologies have been made real, such as digital signatures, time stamps, Internet voting and secure multi-party computation.