research-article

Integrating and Validating Maritime Transport Security Services: Initial results from the CS4EU demonstrator

Authors:

Christos Grigoriadis,

Spyridon Papastergiou,

Panayiotis Kotzanikolaou,

Christos Douligeris,

Antreas Dionysiou,

Athanasopoulos Elias,

Karin Bernsmed,

Per Håkon Meland,

Liina KammAuthors Info & Claims

IC3-2021: Proceedings of the 2021 Thirteenth International Conference on Contemporary Computing

Pages 371 - 377

https://doi.org/10.1145/3474124.3474213

Published: 04 November 2021 Publication History

Abstract

Maritime transport is a characteristic example of a collaborative and complex cyber-physical environment, involving various stakeholders and actors, with different goals and requirements. Securing such a complex ecosystem is a challenging task and has recently attracted various research efforts in different areas including, threat management, system hardening, trust management and communication security. However, the integration and validation of such targeted maritime transport security services is a complex task that has its own challenges. In this paper we present the preliminary results of the maritime transport security services demonstrator, developed under the CyberSecurityForEurope (CS4EU) pilot project. We have set up a demonstrator to integrate, extend and validate four maritime-specific security services, covering risk and threat management, system hardening, trust management and secure communications. Our goal is to enhance the provisioning of these services and to identify possible research and implementation gaps.

References

[1]

ENISA, “Port cybersecurity-good practices for cybersecurity in the maritime sector,” 2019, https://www.enisa.europa.eu/publications/port-cybersecurity-good-practices-for-cybersecurity-in-the-maritime-sector (accessed: December 2020)

[2]

Papastergiou Spyridon, Nineta Polemi, and Athanasios Karantjias. “CYSM: An innovative physical/cyber security management system for ports.” In International Conference on Human Aspects of Information Security, Privacy, and Trust, pp. 219-230. Springer, Cham, 2015.

Digital Library

[3]

Papastergiou, Spyridon, Nineta Polemi, and Panayiotis Kotzanikolaou. “Design and validation of the Medusa supply chain risk assessment methodology and system.” International Journal of Critical Infrastructures 14, no. 1 (2018): 1-39.

[4]

Papastergiou, Spyros & Polemi, Despina. (2018). MITIGATE: A Dynamic Supply Chain Cyber Risk Assessment Methodology. 10.1007/978-981-10-6916-1_1.

[5]

Casey, Timothy. (2007). Threat Agent Library Helps Identify Information Security Risks. 10.13140/RG.2.2.30094.46406.

[6]

Sarbinowski, P., Kemerlis, V. P., Giuffrida, C., & Athanasopoulos, E. (2016, December). VTPin: practical VTable hijacking protection for binaries. In Proceedings of the 32nd Annual Conference on Computer Security Applications (pp. 448-459).

Digital Library

[7]

Diomedous, C., & Athanasopoulos, E. (2019, June). Practical Password Hardening Based on TLS. In International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment (pp. 441-460). Springer, Cham.

[8]

Dionysiou, A. and Athanasopoulos, E. (2021). “Honeygen: Generating honeywords using representation learning,” in in Proceedings of the 16th ACM Asia Conference on Computer and Communications Security (AsiaCCS). Hong Kong, China (virtual). ACM.

Digital Library

[9]

Frøystad, C., Bernsmed, K., Meland, P.H.: Protecting future maritime communication. In: Proceedings of the 12th International Conference on Availability, Reliability and Security, pp. 1–10 (2017)

Digital Library

[10]

Forum, M.C.D.: Identity Management and Cyber Security. IALA Input paper: ENAV19-n.n.n

[11]

Peiponen, H., Kukkonen, A.: Integrity monitoring and authentication for VDES pre-distributed public keys. IALA Committee Working Document. Input paper: ENAV18-11.10

[12]

Bour, Guillaume, Bernsmed, Karin, Borgaonkar, Ravishankar, Meland, Per Håkon: "On the Certificate Revocation Problem in the Maritime Sector." Secure IT Systems: 25th Nordic Conference, NordSec 2020, Virtual Event, November 23–24, 2020, Proceedings. Springer Nature.

[13]

“NIST Special Publication 800-30 R1: Guide for Conducting Risk Assessments,” NIST, Gaithersburg, MD, United States., 2012

[14]

IALA Guide G1139 – The Technical Specification of VDES. https://www.iala-aism.org/product/g1139-technical-specification-vdes/

[15]

Provos, N., & Mazieres, D. (1999, June). A Future-Adaptable Password Scheme. In USENIX Annual Technical Conference, FREENIX Track (pp. 81-91).

[16]

Ari Juels and Ronald L Rivest. 2013. Honeywords: Making password-cracking detectable. In Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security. 145–160.

[17]

Ding Wang, Haibo Cheng, Ping Wang, Jeff Yan, and Xinyi Huang. 2018. A Security Analysis of Honeywords. In Proceedings of the 25th Network and Distributed System Security Symposium (NDSS). 1–16.

Cited By

Amro AGkioulos V(2023)Evaluation of a Cyber Risk Assessment Approach for Cyber–Physical Systems: Maritime- and Energy-Use CasesJournal of Marine Science and Engineering10.3390/jmse1104074411:4(744)Online publication date: 29-Mar-2023
https://doi.org/10.3390/jmse11040744
Amro AGkioulos V(2022)Cyber risk management for autonomous passenger ships using threat-informed defense-in-depthInternational Journal of Information Security10.1007/s10207-022-00638-y22:1(249-288)Online publication date: 23-Nov-2022
https://dl.acm.org/doi/10.1007/s10207-022-00638-y

Recommendations

Managed security services: an emerging solution to security
InfoSecCD '05: Proceedings of the 2nd annual conference on Information security curriculum development

Recent security breaches at ChoicePoint Inc., Lexis Nexis and Citicorp have again proven that the security administration is an important function within an organization. However, for some organizations, it is practically not possible to implement the ...
Validating security policy conformance with WS-security requirements
IWSEC'10: Proceedings of the 5th international conference on Advances in information and computer security

Web Services Security (WS-Security) is a technology to secure the data exchanges in SOA applications. The security requirements for WS-Security are specified as a security policy expressed in Web Services Security Policy (WS-SecurityPolicy). The WS-I ...
Ws-Security (Web Services Security, short WsS): High-impact Strategies - What You Need to Know Definitions, Adoptions, Impact, Benefits, Maturity, Vendors

Comments

Information & Contributors

Information

Published In

cover image ACM Other conferences

IC3-2021: Proceedings of the 2021 Thirteenth International Conference on Contemporary Computing

August 2021

483 pages

ISBN:9781450389204

DOI:10.1145/3474124

Copyright © 2021 Owner/Author.

This work is licensed under a Creative Commons Attribution-ShareAlike International 4.0 License.

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 04 November 2021

Check for updates

Qualifiers

Research-article
Research
Refereed limited

Conference

IC3 '21

IC3 '21: 2021 Thirteenth International Conference on Contemporary Computing

August 5 - 7, 2021

Noida, India

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

2
Total Citations
View Citations
98
Total Downloads

Downloads (Last 12 months)18
Downloads (Last 6 weeks)0

Reflects downloads up to 12 Jan 2025

Other Metrics

View Author Metrics

Citations

Cited By

Amro AGkioulos V(2023)Evaluation of a Cyber Risk Assessment Approach for Cyber–Physical Systems: Maritime- and Energy-Use CasesJournal of Marine Science and Engineering10.3390/jmse1104074411:4(744)Online publication date: 29-Mar-2023
https://doi.org/10.3390/jmse11040744
Amro AGkioulos V(2022)Cyber risk management for autonomous passenger ships using threat-informed defense-in-depthInternational Journal of Information Security10.1007/s10207-022-00638-y22:1(249-288)Online publication date: 23-Nov-2022
https://dl.acm.org/doi/10.1007/s10207-022-00638-y

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

HTML Format

View this article in HTML Format.

Media

Figures

Other

Tables

View Table of Contents