Research Laboratory of Security of Information Technologies
Research and experiments in the field of information security are concentrated in the Research Laboratory of Security of Information Technologies and the Department of Information Systems. The predecessor of the Department of Information Systems, the Engineering Department of Computer Science, was established in 1987. The Research Laboratory of Security of Information Technologies was established by Prof. Habil. Dr. Antanas Čenys in 2006 to address scientific issues in the field of information security. Since 2015 the laboratory has been supervised by Assoc. Prof. Dr. Nikolaj Goranin. The research topics in information security cover:
• biometric and multifactor access control systems;
• modeling of different processes (malware evolution, DDoS attacks);
• optimization of security software (e.g., expert-system based minimization of load on the antivirus engine);
• stylometry for user identification from short texts (e.g. Twitter or Internet forum messages);
• optimizing the application of regulatory information security controls via visualization techniques;
• visualization of different processes (e.g. malware propagation);
• artificial intelligence in security systems (risk analysis, anomaly detection and verification);
• secure system design methods;
• others (unmanned drone security, legislative security issues, etc.).
Since its establishment the laboratory has participated in a number of internationally and nationally funded projects, provided expertise and services (security consulting and audit) to local businesses, and participated in governmental initiatives and in the activities of information-security working groups in IT associations (the committee of the Lithuanian IT association Infobalt, ISACA Lietuva, the NATO IST panel).
The main goals of the Research Laboratory of Security of Information Technologies are:
- R&D activities in the field of IT security;
- National and international collaboration with research institutions and business, related to research and teaching of IT security;
- Research production for the IT security studies;
- Preparing of IT security professionals.
To achieve these goals, the following tasks are defined:
- Monitoring of the national IT security situation;
- Organizing R&D activities in the field of IT security;
- Development of methodologies and standards related to IT security;
- Organizing and coordinating international research activities;
- Development of automated intelligent IT security assurance means;
- Providing consulting services (IT security audit);
- Providing a research and technology base for educating IT security specialists;
- Collaboration with enterprise;
- Organizing conferences, seminars and other scientific events.
The laboratory specializes in the following fields:
Application of artificial intelligence methods for attack detection and analysis – currently, classical cyber-attack detection methods based on signatures and rules show stagnation and an inability to counter zero-day, advanced-persistent-threat and similar attacks, while anomaly-based detection methods, although they have been in use for a number of years, are still characterized by a huge number of false positives and by an ability to work only in relatively stable conditions. The progress achieved in recent years in deep-learning artificial intelligence techniques provides the potential to renew research on this topic and to achieve promising results. The consortium will be able to combine infrastructure for big-data analysis and AI training, access to the latest anomaly databases and staff for the research.
Cybercrime and cyber forensics – since its invention, the computer has been a tool for committing crimes, whether computer-oriented (the computer is the object) or classical (where the computer is used as a tool). The increasing number of criminal activities performed against or with the help of computers, the complexity and variety of computer systems and technologies that need to be examined during a criminal investigation, and the countermeasures criminals apply to hide evidence require the constant updating of existing cyber-forensic techniques and the development of new ones. Such techniques and the corresponding tools could be used by governmental authorities and by private companies performing on-demand investigations.
Biometric and multifactor authentication methods – the long-lasting domination of the “What you know?” authentication methods (passwords, PINs, etc.) is being questioned by many security experts, due to their complexity and newly proposed attack types (e.g. rainbow tables). Some security standards (e.g. PCI DSS) strongly recommend multifactor authentication methods, with a view to requiring them in the future. The need for reliable and user-friendly methods (e.g. biometry) also exists, despite the fact that it raises a variety of ethical and privacy questions. The research would concentrate both on technological aspects (increasing the reliability of biometric authentication systems and integrating different authentication systems into a single multifactor system, which is especially important since many systems that currently apply multifactor authentication in fact use separate, non-integrated solutions) and on evaluating the non-technical aspects, providing consultancy and recommendations to governments.
Information security management, incident response management and business continuity – the main target group for this research area would be SMEs, since the information security situation in the SME sector is especially complicated. While big enterprises usually have comparatively large security budgets and can afford to hire qualified security specialists and buy leading-edge security technologies, SMEs usually lack these resources, despite the fact that the pressure to protect information assets, both business-driven and regulatory, is the same or sometimes even higher. As a result, most SMEs in many cases cannot even tell whether they have been victimized. The solution to this problem can be seen in applying artificial intelligence based automation methods, developing SME-optimized information security management methods and minimizing the cost of routine security processes.
Analysis of information security legislative and regulatory requirements – the number of legislative and other regulatory documents (e.g. security standards) is constantly increasing, and they can differ between countries (this could be especially important if a company operates in several countries, including non-EU states). Systematization of requirements could help in several ways, from providing consultancy services on specific regulations to private companies to providing recommendations to regional governments on transferring best practice from other countries. Strong collaboration with ENISA should also be established to achieve the best results.
Software and hardware security evaluation and certification methods – currently European governmental institutions, private companies and end users are all dependent to a very high extent on computer equipment produced outside the EU's borders, and this situation is not expected to change in the near future. Use of such equipment creates a potential risk of spying, monitoring of EU citizens, etc. One possible countermeasure would be the development of certification methods that evaluate the equipment from the security and privacy perspective. Provision of certification services on a commercial basis could be one of the future activities of the Cybersecurity Excellence Centre, which would ensure not only scientific research but also economic self-sustainability.
IoT and SCADA system security – the cyber-security aspect of IoT (Internet of Things) and SCADA (supervisory control and data acquisition) systems continues to raise discussion at many levels among researchers and stakeholders worldwide. Although the technology itself claims to be revolutionary, the penetration of internet technology into a new layer of electronics brings new risks. Moreover, the lack of a standardized architecture makes these risks hard to formalize. Research will focus on methods to identify IoT devices, secure IoT data and traffic, recognize the difference between legitimate and suspicious communications, and enforce policy dynamically based on the trustworthiness of devices and the integrity of IoT data. Collaboration with the centre of excellence on IoT that is currently being established in Lithuania through the joint efforts of VGTU, KTU (Kaunas University of Technology), the Lithuanian Centre of Registers, Interactive Institute Swedish ICT AB and Linköping Universität will be promoted.
- Lithuania: JSC nSoft
- Cyprus: AMALGAMA INFORMATION LTD
- Germany: Hasso-Plattner-Institut
- Portugal: Instituto Politécnico de Beja
- Slovenia: TECHNE d.o.o.
- Czech Republic: DevCom
- South Korea: Richen Tech
- Sweden: https://www.kth.se
- Austria: https://www.fhstp.ac.at
- Israel: https://in.bgu.ac.il
The laboratory has successfully participated in the following projects:
- Biometry, identification and technological security in the field of e-business. 2010-2015, Eureka Biomet Security E! 5367. The main goal of the project is the development of a biometry-based method for information security management. A new device, "Gedimino akis", has been developed. The device detects and identifies a person based on the retina of the eye. The device's distinguishing feature is its ability to track a moving person in real time.
- Virtual IT security laboratory Tele-Lab. 2009-2011 Leonardo da Vinci.
- “The Information Warfare, Cyber Warfare and Open Sources Intelligence – IWOSI”, LLP/ERASMUS – Intensive Programmes (IP). Project code: 2011-1-TR1-ERA10-27834.
- Virtualization, visualization and security in e-service technologies. 2012-2014. Project code: VP1-3.1-ŠMM-08-K-01-012. The main aim of the project is to develop new services in the field of virtualization, visualization and security.
- Multi-factor physical access control system. Funded by MITA. Executed in collaboration with Vilnius University and UAB nSoft.
- Intelektas LT project J05-LVPA-K-01-0238 "R&D activities for cybersecurity services"
- Page administrators:
- Emilija Blaškevič
- Ernestas Čepulionis
- Karolina Kardokaitė
- Ugnė Daraškevičiūtė