June 6, 2022
Protecting our physical and digital safety in hospitals and connected cars
As our society becomes more and more digital, both physical and digital risks are increasing. Phd student Guillaume Dupont of the Security group at the department of Mathematics and Computer Science explored the so-called "safeness" risks in two crucial cyber-physical areas: hospitals and modern cars. He also designed three key requirements for ensuring effective security monitoring of these domains. Dupont will defend his thesis on 7 June at TU/e.
The digitalization of our society has profoundly transformed our economy and the technological landscape, leading to an unprecedented dependency on networked systems, such as computers, smartphones, and IoT devices like CCTV camera.
Some of these environments can perform physical actions, and they collect, process and store large volumes of users' (personal) data to do so. While these technologies and operations yield many benefits, they also introduce new threats, which can have a critical impact on the "safeness" of their users, i.e., their physical safety and digital privacy.
Attacks targeting cyber-physical systems can influence machines' behavior, ultimately hurting users physically. In addition, cyber criminals stealing and abusing personal data can impact individuals by using their data to commit fraud or extortion.
Protecting safeness-critical environments can be achieved with the use of a strategy called "network security monitoring." It is a well-established concept in the "traditional" information technology world where a number of solutions such as intrusion detection systems have been developed to protect mostly computers and servers.
However, it is unclear how the current solutions perform in the context of safeness-critical environments and their unique specificities: how able are these solutions to also protect newer systems such as IoT devices and cyber-physical systems?
To answer this question Dupont investigated two environments that can be regarded as safeness-critical: healthcare delivery organizations (e.g., hospitals) and modern cars. Recent security research and real-life incidents have demonstrated the risks to their users' safeness, calling for effective security measures to protect their networks and devices (and ultimately their users).
The objective of this thesis is to identify the requirements for network security monitoring, and to provide the means to create and evaluate intrusion detection systems for these two environments.
Both studies started with an analysis of the environment's technological landscape and related threats. This first phase sheds light on the technologies and security challenges, and it helps to identify gaps with regards to current network security monitoring capabilities. The researcher then investigated the limitations of the monitoring solutions applied in the environment. Finally, he developed novel approaches suited for the specificities of the environment, as well as methods to evaluate them.
Dupont's work yields a number of contributions, including a device classification method helping identify devices on a network, the discovery of vulnerabilities in communication protocols used in hospitals, a classification of intrusion detection systems for automotive networks, as well as a framework for the evaluation of these systems.
Three requirements for security monitoring
These results enable us to identify three main requirements for the application of network security monitoring in safeness-critical environments.
First, one needs extensive (technical) information about the devices connected to the network: the types of devices, their function, etc. Second, one requires information about communication between devices: the transmission patterns, what kind data is exchanged, etc. Third, one needs the ability to evaluate network security monitoring tools such as intrusion detection systems and assess their performance.
Once these requirements are met, we can design effective network monitoring capabilities to better protect the environment and its users from cyber threats.