
Sjefsforsker
Habtamu Abie
- Avdeling Anvendt IKT-forskning
- Telefonnummer +47 22 85 25 95
- E-post abie@nr.stage.dekodes.no
Prosjekter
- Digital sikkerhet og personvern
Nettverk for robuste infrastrukturer
- Informasjons- og kommunikasjonsteknologi
- Digital sikkerhet og personvern
Det sikreste digitaliserte landet
- Digital sikkerhet og personvern
Desentralisert digital markedsplass
- Jordobservasjon
- Forklarbar kunstig intelligens
- Digital sikkerhet og personvern
Pålitelig og grønn KI (ENFIELD)
- Digital sikkerhet og personvern
Et rammeverk for desentralisert identitets- og samtykkehåndtering
- Digital sikkerhet og personvern
Tilpasningsdyktig helsedata i blokkjedeteknologi
Publikasjoner
- 293 publikasjoner funnet
Chockalingam, Sabarathinam; Pirbhulal, Sandeep og Abie, Habtamu. (2026).
Improving Security and Privacy of Cognitive Digital Twins Through Dynamic Consent for Healthcare and Resilient Societies.
Vis sammendrag
Cognitive Digital Twins (CDTs) are virtual models of physical systems that integrate cognitive functions with real-time Internet of Things (IoT) data to support simulation, decision-making, and cyber resilience. In domains such as healthcare and smart cities, CDTs enable advanced capabilities but also introduce significant privacy and security risks, especially due to continuous, real-time data exchange and automated decision-making. This paper presents DC-TWIN, a dynamic consent-enabled CDT framework that addresses the limitations of static, one-time consent models in real-time, data-intensive environments. DC-TWIN introduces a multi-layered architecture consisting of: (i) a multi-layered architectural stack, including user control, policy management, dynamic trust, and data governance layers, that supports compliance monitoring, risk-aware user interfaces, consent history tracking, federated identity and role binding, and adaptive trust modeling, and (ii) a dynamic consent reasoning engine that uses contextual signals (e.g., user role, device status, network activity) and human factors (e.g., cognitive load, trust calibration, fatigue) to assess data access requests in real time, issuing granular decisions (grant, deny, prompt) or escalating for clarification. We highlight key use cases in healthcare, welfare technologies, and smart cities. The framework empowers users with real-time, contextual control over how their data is accessed, shared, and reused through adaptive interfaces and personalized consent mechanisms. By integrating dynamic consent reasoning, trust calibration, and continuous feedback loops, DC-TWIN supports transparent, compliant, and user-aligned data governance. It contributes to the secure and ethical deployment of CDTs by reinforcing user autonomy, enhancing risk communication, and enabling responsive consent management in critical domains such as healthcare.
Selstad, Knut; Pirbhulal, Sandeep; Abie, Habtamu; Lehkonen, Riku og Ari, Ismail. (2026).
SecureIoT: Robust AI-Driven Cyber Threat Detection for IoT Applications.
Vis sammendrag
The cyberattack surface in critical sectors is expanding due to the rapid proliferation of Internet of Things (IoT) devices. Artificial Intelligence (AI) models, such as Deep Neural Networks (DNNs) and Convolutional Neural Networks (CNNs), offer promising capabilities for detecting and classifying cyber threats. However, these models often struggle to generalize to previously unseen attacks after deployment. This study investigates how well different AI techniques can generalize to such novel threats in the presence of class imbalance. We evaluate three data balancing strategies: Generative Adversarial Networks (GAN), Synthetic Minority Over-sampling Technique (SMOTE), and class weighting. Experimental results indicate that DNNs outperform CNNs when provided with identical input data. While each balancing method has distinct advantages and trade-offs, the highest multiclass accuracy of 81.16 % was achieved by a DNN using GAN-augmented data for the previously seen attack types. The best performance on unseen attacks was achieved by a DNN trained with SMOTE, yielding a multiclass accuracy of 51 % among eight classes. The binary classification (benign vs. malicious) results were satisfactory, with DNN using GAN-augmented data achieving an accuracy of 99.20 %. These findings highlight the importance of not only separating data into training and test splits, but also incorporating a “seen vs. unseen” evaluation strategy.
Abie, Habtamu. (2026).
SFI NORCICS Norwegian Ecosystem for Secure IT-OT Integration (NESIOT) at the ResCri Kickoff Meeting. Norsk Regnesentral
NVA
Annen presentasjon
Abie, Habtamu. (2026).
NESIOT - Norwegian Ecosystem for Secure IT-OT Integration at ResCri Webinar. IFE
NVA
Faglig foredrag
Rocha-Gomes, João; Pirbhulal, Sandeep og Abie, Habtamu. (2025).
Adaptive digital twin analysis in healthcare: An opportunity for prescription digital therapeutics.
Vis sammendrag
Health systems in Norway and across Europe are under increasing strain from chronic conditions, long waiting times, and limited clinical capacity. At the same time, evidence-based digital therapeutics (DTx) are emerging as regulated tools to prevent, manage, and treat disease through clinically validated software interventions. Scandinavia has played a pioneering role in evaluating internet-delivered cognitive behavioural therapy for conditions such as insomnia and perinatal depression, demonstrating that well-designed, integrated digital solutions can complement existing healthcare services. However, despite promising trial evidence, large-scale adoption of DTx remains inconsistent due to regulatory, reimbursement, organisational, and cultural barriers. In parallel, simulation-based methods such as discrete-event modelling and digital twins are increasingly applied to optimise healthcare delivery and test alternative service configurations. Building on these developments, this project proposes the creation of an adaptive digital twin of a chronic care pathway to analyse how different deployment strategies for prescription digital therapeutics could impact system access, resilience, and resource utilisation.
Abie, Habtamu. (2025).
The EU-CIP Knowledge Hub for Securing Critical Infrastructures. ECSO North European Cyber Days
Abie, Habtamu. (2025).
European Cluster for Securing Critical Infrastructures (ECSCI). ECSCO The North European Cyber Days
Abie, Habtamu. (2025).
Keynote presentation Chair. ECSCO The North European Cyber Days
Abie, Habtamu. (2025).
Panel discussion: Secure IT-OT Integration for Critical Infrastructure Protection and Resilience.
Abie, Habtamu. (2025).
Investing in Secure and Sovereign AI: Geopolitics and Cybersecurity in Healthcare and Critical Sectors.
Vis sammendrag
In today’s rapidly evolving geopolitical climate, cybersecurity and digital sovereignty are more critical than ever for Europe’s resilience—and for investments in AI, healthcare and other critical sectors.
Abie, Habtamu. (2025).
European Cluster for Securing Critical Infrastructures (ECSCI) – The Critical Infrastructure Protection & Resilience Europe (CIPRE) interview.
Pirbhulal, Sandeep; Muzammal, Muhammad og Abie, Habtamu. (2025).
Enabling Secure Edge Intelligence: TinyML-Based Threat Detection in 5G and Future Networks.
Vis sammendrag
The evolution of 5G networks toward 6G presents an opportunity to shift from centralized security to decentralized, intelligent, and autonomous security. While 5G introduces decentralization through software-based virtualization and edge computing, it also exposes network infrastructure to a new and dynamic threat landscape that still relies largely on static, centrally deployed threat detection. This work proposes a lightweight anomaly detection framework based on Tiny Machine Learning (TinyML), specifically designed to address the latency, memory, and energy constraints of 5G edge devices. Using promising model compression techniques, including integer quantization and pruning, we demonstrate that highly optimized models can run entirely on-device without relying on cloud infrastructure. Our experiments using a real-world 5G dataset demonstrate that the quantized TinyDenseNet achieves over 99% detection accuracy while keeping the model size below 30 KB and inference latency under 11 ms. By embedding intelligent detection at the network edge, this approach presents self-defending, ultra-reliable, and context-aware infrastructures for future 6G networks. The proposed approach focuses on next-generation networks, in which decentralized, low-power, and privacy-preserving security mechanisms will be essential.
Abie, Habtamu. (2025).
ESORICS 2025 International Workshops: AutonomousCyber 2025, CPS4CIP 2025, DisA 2025, HS3 2025, MIST 2025, Toulouse, France, September 25–26, 2025, Revised Selected Papers, Part III.
NVA
Vitenskapelig antologi/Konferanseserie
Vis sammendrag
The ESORICS 2025 Workshops proceedings deal with up to date research and practical applications in computer security.
Chockalingam, Sabarathinam; Pirbhulal, Sandeep; Misra, Sanjay; Kvalvik, Petter og Abie, Habtamu. (2025).
FedTrust: Modelling Adaptive Trust-Risk for IoT-Enabled Federated Decentralized Systems.
Vis sammendrag
Federated decentralized IoT systems are reshaping how data is exchanged and processed across domains such as smart cities and healthcare, yet ensuring trust in such dynamic, distributed environments remains a significant challenge. This paper introduces FedTrust, a layered framework that integrates decentralized communication, federated data services, and a self-adaptive trust-risk model to assess the trustworthiness of IoT devices in real time. By extending an established analytical trust model, we refine existing constructs and introduce new dimensions such as context awareness and behavioral monitoring to account for the operational variability of edge devices. Our proposed model computes risk and trust scores using weighted metrics, driving automated decisions and mitigation actions via a closed feedback loop. FedTrust provides a scalable and resilient approach for securing federated IoT ecosystems through continuous, data-driven trust calibration.
Ari, Ismail; Altunel, Nurkan Fatih; Ozgirgin, Tugce; Alisan, Ezgi Nur; Eryilmaz, Emir; Dalgan, Yarkin; Akturk, Ismail; Pirbhulal, Sandeep og Abie, Habtamu. (2025).
Providing Edge to Cloud Continuum With Adaptive Model Selection and Operational Score.
Vis sammendrag
Advancements in Deep Neural Network (DNN) models and hardware accelerators have made edge intelligence a practical alternative to cloud-based intelligence. However, application-specific requirements, such as accuracy, latency, security, and privacy, as well as workload fluctuations, necessitate dynamic allocation of edge and cloud resources. To facilitate such dynamic allocation, we propose an adaptive model selection and switching framework that leverages operational performance scores. We evaluate the approach using various object classification models, demonstrating its ability to balance accuracy and inference time while ensuring scalability and efficient resource utilization.
Pirbhulal, Sandeep; Abie, Habtamu og Muzammal, Muhammad. (2025).
AD-5GIoT: AI-based Anomaly Detection System for 5G-IoT Networks.
Vis sammendrag
In the context of a 5G-IoT communication environment, devices and users interact through the Internet, exposing them to numerous anomalies arising from diverse cybersecurity challenges including DDoS attacks, malware, and man-in-the-middle attacks. Consequently, it is essential to develop robust anomaly detection (AD) solutions specifically designed for 5G-IoT applications to safeguard them against these cyber threats. In this study, we propose an AI-based AD system that utilizes real-time traffic data for 5G-IoT networks, designed specifically for critical sectors such as healthcare, smart grid, industry 4.0, etc. The proposed AD system comprises three synchronized components aimed at enhancing the cybersecurity of 5G-enabled systems. These components include the 5G-IoT communication infrastructure, an AI-enabled AD engine, and an anomaly dashboard. To evaluate the performance of the proposed system, we conducted experiments using two AI models: Graph Neural Network (GNN) and Convolutional Neural Network (CNN). These experiments were performed on real-time 5G data, which included both benign and malicious traffic, generated over a 5G wireless network. The 5G-IoT anomaly detection system was evaluated using feature subsets, for k = 10 and k = 25. The results showed that with k = 10 and using the GNN learning model, the overall accuracy achieved was 99.19%. For the benign case, the precision was 98.86%, while for the malicious case, the precision was even higher at 99.71%. From our analysis, it can be concluded that the proposed system using GNN demonstrates promising results for binary classification in real-time 5G-IoT anomaly detection.
Abie, Habtamu og Pirbhulal, Sandeep. (2025).
CybAlliance WP2 Annual Mobility Report 2025.
Vis sammendrag
CybAlliance is dedicated to fostering excellence in both research and education within the realms of cybersecurity and privacy in the healthcare sectors of Norway, the USA, France, and Germany. To fulfill this mission, a key objective is to facilitate the national and international mobility of students, researchers, and staff members. This objective is executed under Work Package 2 (WP2), titled "Research Cooperation," specifically Task 2.1, "Mobility." The aim of Task 2.1 is to organize 24 mobility placements for students, researchers, and staff at partner institutions.
This report details the outcomes of Deliverable 2.1, the "Annual Mobility Report," for the activities carried out in the year 2025. It encompasses the planning, execution, and outcomes of the mobility stays, analyzing their impact on enhancing collaborative research and educational endeavors among the partner institutions.
Abie, Habtamu og Pirbhulal, Sandeep. (2025).
CybAlliance WP2 Annual National and International Workshops Report 2025.
Vis sammendrag
The primary objective of CybAlliance is to establish a long-term strategic alliance to enhance research and education in cybersecurity and privacy within the healthcare sector. To achieve this, one of the key objectives is to organize workshops, webinars, and open seminars, facilitating discussions among national and international collaborators about the strengths and opportunities within this domain. This objective is pursued under WP2 ("Research Cooperation"), specifically Task 2.2 ("Organize the Annual Workshop/Webinar"), which aims to hold annual workshops and webinars. These events bring together like-minded researchers and stakeholders from various regions to discuss domain-specific strengths and opportunities. Additionally, the creation of various blogs and social media articles aims to broaden awareness of potential developments to a larger audience. This task not only provides networking opportunities and a platform for disseminating results in education, research, and innovation but also contributes to developing INTPART synergies and collaborations in healthcare projects. This report details the outcomes of D2.2 ("Organize the Annual National Workshop") carried out in 2025.
Abie, Habtamu og Pirbhulal, Sandeep. (2025).
CybAlliance WP2 Annual Open Seminar Report 2025.
Vis sammendrag
CybAlliance is dedicated to enhancing healthcare security and privacy competencies by fostering international collaboration in research, innovation, and education. A key objective to support this goal is the organization of workshops, webinars, and open seminars, enabling both national and international collaborators to convene and explore the strengths and opportunities within the domain. This objective is encapsulated within WP2 ("Research Cooperation"), specifically under Task 2.3 ("Open Seminar"), which seeks to provide a platform for discussing the outcomes of the project with interested industry and academic personnel who are not part of the consortium. Through this task, the project offers networking opportunities and a platform for disseminating results related to educational, research, and innovative activities, by organizing both national and international academic and industrial open seminars. This report details the outcomes of D2.3 ("Organize Open Seminar") accomplished in 2025, highlighting the achievements and impact of this task.
Xu, Shouhuai; Pirbhulal, Sandeep og Abie, Habtamu. (2025).
An Architecture of Adaptive Cognitive Digital Twins for Resilient Healthcare Infrastructures and Services.
Vis sammendrag
Modern healthcare infrastructures and services are dependent on advanced data analytics, sensing and communication technologies that include 5G/6G networks, Artificial intelligence (AI), Internet of Medical Things (IoMT), Information Technology (IT), and Operational Technology (OT). This integration incurs a large vulnerability surface and cyber attackers can exploit those vulnerabilities to wage successful attacks against modern healthcare infrastructures and services. Therefore, identifying potential vulnerabilities in healthcare infrastructures and services and securing end-to-end monitoring of sensitive healthcare infrastructures and services are crucial for achieving resilient healthcare infrastructures and services. In this paper, we propose an architecture designed to enhance the resilience of healthcare infrastructures and services. This architecture is centered around the concept of Adaptive Cognitive Digital Twins (ACDTs), which are capable of orchestrating adaptive defenses to proactively respond to anticipated cyber attacks. Our architecture has seven layers. We detail the functions at each layer of the architecture to guide the design and development of mechanisms that can be employed at each layer.
Abie, Habtamu; Gkioulos, Vasileios; Katsikas, Sokratis og Pirbhulal, Sandeep. (2025).
Preface - Secure and Resilient Digital Transformation of Healthcare.
Vis sammendrag
SUNRISE2024isaforumforresearchersandpractitionersworkingonthesecureandresilientdigitaltransformationofhealthcare.Digitaltransformationinhealthcareencom-passestheuseofadvancedtechnologiestoenhancepatientcareandaddresstheevolvingdemandsofcaredelivery,particularlythetransitiontohome-basedcarefromhospitalsettings.Whilecenteringonpatientneeds,italsoentailsindispensableadjustmentsandadvancementsofhealthcareprocesses.Whereasvariousbenefitsofthistransforma-tionarebroadlyacknowledged,theincreasedconnectivity,thehugevolumeofsensitivehealthinformation,andthelackofsufficientcybersecurityawarenessandcultureamongbothhealthcareprofessionalsandpatientsresultinincreasedcybersecurityriskandmakedigitalhealthcareattractivetocybercriminalsandpronetocybersecurityattackssuchasphishing,ransomware,distributeddenial-of-serviceattacks,andmalware.Thecon-nectionofmedicaldevicestotheInternet,hospitalnetworks,andotherdevicesextendsthepotentialforattacks,therebyraisingconcernsforpatientsafety.TheCOVID-19pandemicbroughtattentiontotheinterconnectednatureofcybersecurityandprivacyrisksinhealthcare.Theneedtoenhancecybersecurityandresilienceinhealthcareanditssupplychainhasbeenheightened,requiringthedevelopmentofnewsolutions.Toaddressthesechallenges,theworkshopaimedtobringtogethersecurityresearchersandpractitioners,healthcareprofessionalsandmanagersofhealthcaretorethinksecuredigitalizationandresilienceofhealthcare.
Chockalingam, Sabarathinam; Pirbhulal, Sandeep; Misra, Sanjay; Kvalvik, Petter og Abie, Habtamu. (2025).
FedTrust: Modelling Adaptive Trust-Risk for IoT-enabled Federated Decentralized Systems. IEEE
NVA
Vitenskapelig foredrag
Vis sammendrag
The lecture is based on the article https://hdl.handle.net/11250/5326972
Abie, Habtamu og Pirbhulal, Sandeep. (2025).
Workshop on Securing Smart Future: AI-Based Anomaly Detection in IT-OT. Habtamu Abie and Sandeep Pirbhulal
NVA
Faglig foredrag
Ari, Ismail; Pirbhulal, Sandeep og Abie, Habtamu. (2025).
Providing Edge to Cloud Continuum with Adaptive Model Selection and Operational Score. IEEE
NVA
Faglig foredrag
Vis sammendrag
Advancements in Deep Neural Network (DNN) models and hardware accelerators have made edge intelligence a practical alternative to cloud-based intelligence. However, application specific requirements, such as accuracy, latency, security, and privacy, as well as workload fluctuations, necessitate dynamic allocation of edge and cloud resources. To facilitate such dynamic allocation, we propose an adaptive model selection and switching framework that leverages operational performance scores. We evaluate the approach using various object classification models, demonstrating its ability to balance accuracy and inference time while ensuring scalability and efficient resource utilization.
Chockalingam, Sabarathinam; Pirbhulal, Sandeep; Kaliyar, Pallavi og Abie, Habtamu. (2025).
Dynamic Safety and Security Risk Assessment in Healthcare and Critical Infrastructures.
Vis sammendrag
Critical Infrastructures, such as healthcare, are essential for maintaining societal well-being and bolstering the nation's economy. The growing integration of Cyber Physical Systems (CPSs), such as social robots, into these infrastructures has made them more susceptible to both random faults and cyber-attacks. Traditional risk assessment frameworks typically address either safety or security risks, but often lack the capability to dynamically assess and mitigate both in an integrated manner. In our previous work, we developed a Bayesian Network (BN) framework that helps in developing BN models for distinguishing random faults and attacks, primarily for diagnostic purposes. However, this framework did not include proactive security measures. In this study, we enhance the BN framework to facilitate the development of models that incorporate proactive security measures by considering mitigating factors. In addition, we introduce extended Component Fault Trees (CFTs) for knowledge elicitation, leveraging their formal structure and practitioners’ familiarity with Fault Tree analysis. We propose a translation scheme from extended CFTs to BNs to further refine the framework. The effectiveness of this framework is demonstrated through two use cases: remote patient monitoring in healthcare, and the deployment of social robots in smart cities. This study presents a holistic framework for dynamic safety and security risk assessment in critical environments, featuring a closed feedback loop between information sources and the risk evaluation and treatment stages to ensure continuous monitoring, analysis, and adaptation to evolving risks.
Abie, Habtamu; Gkioulos, Vasileios; Katsikas, Sokratis og Pirbhulal, Sandeep. (2025).
Secure and Resilient Digital Transformation of Healthcare: Second International Workshop, SUNRISE 2024, Bergen, Norway, November 25, 2024, Proceedings.
NVA
Vitenskapelig antologi/Konferanseserie
Pirbhulal, Sandeep; Abie, Habtamu og Muzammal, Muhammad. (2025).
AD-5GIoT: AI-based Anomaly Detection System for 5G-IoT Networks. IEEE
NVA
Vitenskapelig foredrag
Pirbhulal, Sandeep; Abie, Habtamu; Jullum, Martin; Nielsen, Didrik og Løland, Anders. (2025).
AI/ML for 5G and Beyond Cybersecurity.
Vis sammendrag
The advancements in communication technology (5G and beyond) and global connectivity Internet of Things (IoT) also come with new security problems that will need to be addressed in the next few years. The threats and vulnerabilities introduced by AI/ML based 5G and beyond IoT systems need to be investigated to avoid the amplification of attack vectors on AI/ML. AI/ML techniques are playing a vital role in numerous applications of cybersecurity. Despite the ongoing success, there are significant challenges in ensuring the trustworthiness of AI/ML systems. However, further research is needed to define what is considered an AI/ML threat and how it differs from threats to traditional systems, as currently there is no common understanding of what constitutes an attack on AI/ML based systems, nor how it might be created, hosted and propagated [ETSI, 2020]. Therefore, there is a need for studying the AI/ML approach to ensure safe and secure development, deployment, and operation of AI/ML based 5G and beyond IoT systems. For 5G and beyond, it is essential to continuously monitor and analyze any changing environment in real-time to identify and reduce intentional and unintentional risks. In this study, we will review the role of the AI/ML technique for 5G and beyond security. Furthermore, we will provide our perspective for predicting and mitigating 5G and beyond security using AI/ML techniques
Abie, Habtamu og Pirbhulal, Sandeep. (2025).
Webinar on Adaptive AI for Pioneering Secure Healthcare Innovation. NR
NVA
Vitenskapelig foredrag
Vis sammendrag
A compelling webinar that delves deep into the transformative impact of Adaptive AI on the healthcare industry. Discover how this cutting-edge technology is not only reshaping patient care, diagnostics, and treatment plans but also revolutionizing administrative processes by enhancing accuracy and improving outcomes. Learn about the real-time adaptive learning capabilities of AI and its role in personalizing medicine, optimizing operational efficiency, enhancing security, and setting new standards in healthcare excellence.
This session is a part of the ENFIELD project, a pioneering initiative to establish a European Center of Excellence for AI, focusing on its application in healthcare, one of the key verticals of the project. Understand how Adaptive AI, as one of the core pillars of ENFIELD, ensures trustworthiness, sustainability, and enhanced security while driving advancements in healthcare.
Ideal for healthcare professionals, AI researchers, policymakers, and tech enthusiasts, this webinar offers a unique opportunity to gain insights into the future of healthcare, shaped by ethical, sustainable, and highly effective AI solutions. Don’t miss the chance to see how Adaptive AI is pioneering secure healthcare innovation, promising transformative potential for Europe and beyond.
Haukaas, Christian; Ahle, Ulrich; Abie, Habtamu og Kvalvik, Petter. (2024).
Panel discussion and Q&A: How to build trustworthy digital infrastructure in critical sectors: challenges and opportunities in Norway and Europe. Klosser Innovasjon AS, VentureNet, IFE, Smart Innovation
NVA
Faglig foredrag
Abie, Habtamu. (2024).
Enablers of digital trust, security and safety in critical sectors. Klosser Innovasjon AS
NVA
Vitenskapelig foredrag
Abie, Habtamu og Pirbhulal, Sandeep. (2024).
Autonomous Adaptive Security Framework for 5G-Enabled IoT.
Ari, Ismail; Balkan, Kerem; Pirbhulal, Sandeep og Abie, Habtamu. (2024).
Ensuring Security Continuum from Edge to Cloud: Adaptive Security for IoT-based Critical Infrastructures using FL at the Edge.
Franke, Katrin; Abie, Habtamu; Årnes, Andre og Sandvik, Jens-Petter Skjelvåg. (2024).
Forensic triage of digital evidence from the Internet of Things.
Vis sammendrag
The Internet of Things (IoT) has long been a popular topic that has led to numerous commercial innovations and products in a wide range of fields. As the number of deployed IoT systems worldwide rises, these systems should be considered during criminal investigations. IoT forensics, a field under the digital forensics umbrella, focuses on IoT systems that have been the witness of, the tool for, or the target of an incident. The resources required for examining all devices and data in an IoT system keep increasing; this is usually not reflected in the amount of resources devoted to criminal investigations. The need for methods and technology to optimize available investigation resources is vital if we are to maintain the ability to acquire the most relevant evidence. The purpose of forensic triage is to prioritize the forensic tasks and to prioritize the devices and storage media that are most likely to contain relevant evidence. This research project has focused on methods to optimize a forensic triage in two ways: to find the lifetime of the evidence and the location of the evidence. A model of evidence volatility has been developed, consisting of information volatility and data volatility. This dichotomy of information and data is similar to the concepts of information theory, where the information a message is conveying is encoded and transmitted as data. This study also examines data volatility as the basis of evidence volatility. A generic data volatility model has been developed to analyze the Coffee file system, a file system optimized for resource-constrained IoT devices. Fog computing systems can be found in IoT systems. They are networks of nodes where data processing is offloaded from central cloud servers to nodes closer to the network’s edges, and they blur the distinction between server, producer, consumer, and infrastructure devices. When processing nodes are closer to the edges of the system, the latency of data being transmitted, processed, and returned is kept low, and the required capacity of the network links to the central parts of the network is lower than if all data has to be sent through those links. The probability of a node’s containing data is a product of the probability that the data has been in the node and that the data still exists at the current time. The data volatility describes the latter, and to find the former, a measure that would give a higher score to a node containing data has been proposed. The proposed method is contingent on knowledge about network capacities and connection strength, and about the endpoints of the nodes producing the data and the nodes consuming the processed data, and it has been tested empirically by means of network simulations. Comparing the proposed method against several graph centrality measures yielded better results for the proposed method, especially with respect to much larger networks. The measure was also insensitive to dynamic elements in the network, network topologies, and fog system architectures. In addition, two case studies have been performed and published. The first focuses on the reliability of evidence by testing the correctness of a device’s data during power failures. The second is a forensic examination and reverse engineering of the Coffee file system that has subsequently been used for data volatility research. In summary, optimizing investigation resources is becoming more important as more devices are connected to the Internet, and more complex IoT networks emerge. This research has developed and tested some models that can help investigators perform forensic triage and save their resources to locate the most relevant data from huge and complex IoT systems. Moreover, this research has laid the foundation for further research on evidence volatility, the lifetime of evidence, an essential aspect of evidence dynamics. Finally, the main objective is to give investigators methods and tools to find the most relevant evidence from resource-constrained devices in complex IoT systems, given the limited available investigation resources.
Abie, Habtamu; Gkioulos, Vasileios; Pirbhulal, Sandeep og Katsikas, Sokratis. (2024).
Secure and Resilient Digital Transformation of Healthcare. First Workshop, SUNRISE 2023, Stavanger, Norway, November 30, 2023, Proceedings.
Katsikas, Sokratis; Abie, Habtamu; Ranise, Silvio; Verderame, Luca; Cambiaso, Enrico; Ugarelli, Rita; Praça, Isabel; Li, Wenjuan; Meng, Weizhi; Furnell, Steven; Katt, Basel; Pirbhulal, Sandeep; Shukla, Ankur; Ianni, Michele; Preda, Mila Dalla; Choo, Kim-Kwang Raymond; Correia, Miguel Pupo; Sileno, Giovanni; Alishahi, Mina; Kalutarage, Harsha og Yanai, Naoto. (2024).
Computer Security. ESORICS 2023 International Workshops. CPS4CIP, ADIoT, SecAssure, WASP, TAURIN, PriST-AI, and SECAI, The Hague, The Netherlands, September 25–29, 2023, Revised Selected Papers, Part II.
Abie, Habtamu; Gran, Bjørn Axel; Hagen, Raymond André; Raymond, Rune Winther; Omerovic, Aida og Redhu, Surender. (2024).
Adaptive AI revolutionizing cybersecurity, safety and risk management. Smart Innovation Norway, eSmart Systems, IFE
NVA
Faglig foredrag
Vis sammendrag
Adaptive AI revolutionizing cybersecurity, safety and risk management. Adaptive AI aims to continuously learn and adapt to changes in real-world circumstances. What are the opportunities, challenges, and impact of Adaptive AI on cybersecurity, safety and risk management? How does adaptive AI ensure cybersecurity resilience, safety and risk management in the face of unpredictability and uncertainty changes?
Katsikas, Sokratis; Abie, Habtamu; Ranise, Silvio; Verderame, Luca; Cambiaso, Enrico; Ugarelli, Rita; Praça, Isabel; Li, Wenjuan; Meng, Weizhi; Furnell, Steven; Katt, Basel; Pirbhulal, Sandeep; Shukla, Ankur; Ianni, Michele; Preda, Mila Dalla; Choo, Kim-Kwang Raymond; Correia, Miguel Pupo; Abhishta, Abhishta; Sileno, Giovanni; Alishahi, Mina; Kalutarage, Harsha og Yanai, Naoto. (2024).
Computer Security. ESORICS 2023 International Workshops CPS4CIP, ADIoT, SecAssure, WASP, TAURIN, PriST-AI, and SECAI, The Hague, The Netherlands, September 25–29, 2023, Revised Selected Papers, Part II.
NVA
Vitenskapelig antologi/Konferanseserie
Abie, Habtamu; Gkioulos, Vasileios; Katsikas, Sokratis og Pirbhulal, Sandeep. (2024).
Secure and Resilient Digital Transformation of Healthcare, First Workshop, SUNRISE 2023, Stavanger, Norway, November 30, 2023, Proceedings.
Abie, Habtamu og Pirbhulal, Sandeep. (2024).
CybAlliance WP2 Annual National and International Workshops Report 2024.
Pirbhulal, Sandeep; Chockalingam, Sabarathinam; Shukla, Ankur og Abie, Habtamu. (2024).
IoT cybersecurity in 5G and beyond: a systematic literature review.
Vis sammendrag
The 5th generation (5G) and beyond use Internet of Things (IoT) to offer the feature of remote monitoring for different applications such as transportation, healthcare, and energy. There are several advantages of 5G and beyond for IoT applications like high speed and low latency. However, they are prone to cybersecurity threats due to networks softwarization and virtualization, thus raising additional security challenges and complexities. In this paper, we conducted a systematic literature review (SLR) of cybersecurity for 5G and beyond-enabled IoT. By developing a taxonomy to classify and characterize existing research, we identified and analyzed strategies, key patterns, mechanisms, performance evaluation, validation parameters and challenges of cybersecurity and resilience for 5G and beyond-enabled IoT in existing studies. We used “Preferred Reporting Items for Systematic Reviews and Meta-Analyses (PRISMA)” recommendations for this SLR. Through our search in scientific databases, 4449 records published between 2017 and 2023 were initially identified, which were then reduced to 558 records after title and abstract screening to be considered for the eligibility check process. After screening the full-text, 79 articles were finalized for thorough analysis. The findings of this study suggest that 35% of the included studies focus on authentication and access control as security aspects, 59% studies are based on combination of both network layer and application layer as main operation layer, and 34% of the included studies use real-time implementation for validation purpose while the remaining studies utilize simulation or theoretical analysis. Our SLR also highlights open research challenges of 5G and beyond-enabled IoT cybersecurity and suggests a tentative solution for each challenge, which can be a focus of future research. Finally, key limitations of our SLR and threats to validity are addressed.
Pirbhulal, Sandeep; Chockalingam, Sabarathinam; Abie, Habtamu og Lau, Nathan. (2024).
Cognitive Digital Twins for Improving Security in IT-OT Enabled Healthcare Applications.
Vis sammendrag
Digital Twins (DTs), serving as virtual replicas of physical systems, facilitate novel pathways for real-time monitoring, and informed decision making in different healthcare applications such as remote surgery, hospital management, and telemedicine. In the rapidly evolving landscape of cyber security, the emergence of DTs has provided unparalleled capabilities of preempting cyber threats, testing incident response strategies, and compliance testing. Moreover, Cognitive Digital Twins (CDTs) not only replicate physical systems but also have the ability to learn and make decisions. However, such a human-in-the-loop decision making approach is lacking for improving security in Information Technology (IT) and Operational Technology (OT) infrastructures while IT-OT integration in healthcare introduces new cyber security concerns and an increasing threat landscape. In this study, we developed a conceptual CDT-based adaptive cyber security framework for IT-OT enabled healthcare applications which has the potential to address cyber threats in varying situations. This framework integrates physical and virtual healthcare twin for healthcare service providers in addition to a knowledge base of security/privacy events and cognitive cycle for facilitating the human-in-the-loop approach. This framework could enhance cyber security in IT-OT healthcare by incorporating interdisciplinary fields such as adaptive security, health information exchange, human factors, IT-OT integration, risk management, among others. This study also presents some prominent use cases for IT-OT healthcare systems
Abie, Habtamu; Gkioulos, Vasileios; Katsikas, Sokratis og Pirbhulal, Sandeep. (2024).
Preface - Secure and Resilient Digital Transformation of Healthcare.
Abie, Habtamu. (2024).
SFI NORCICS NESIOT (Norwegian Ecosystem for Secure IT-OT Integration) Introduction. SFI NORCICS NESIOT
NVA
Vitenskapelig foredrag
Abie, Habtamu og Pirbhulal, Sandeep. (2024).
CybAlliance WP2 Annual Open Seminar Report 2024.
Abie, Habtamu og Pirbhulal, Sandeep. (2024).
CybAlliance WP2 Annual Mobility Report 2024.
Abie, Habtamu; Pandey, Pankaj; Courbassier, Antonio; Røstad, Lillian; Gran, Bjørn Axel og Sen, Sagar. (2024).
When AI Meets IT-OT Integration: Motivations, Challenges, and Applications. SFI NORCICS NESIOT
NVA
Faglig foredrag
Vis sammendrag
Talks and discussions reflecting current activities, gaps, and support needed for standardisation, policy making and technical for use of AI, and the use of AI on OT Cyber security
Sandvik, Jens-Petter; Franke, Katrin; Abie, Habtamu og Årnes, Andre. (2023).
Evidence in the fog – Triage in fog computing systems.
Vis sammendrag
Fog computing promises improved service scalability and lower latency for IoT systems. The concept closes the gap between full computing capabilities at the network's edge and cloud systems' centrally located processing infrastructure. The drawback of the former is the high power requirements at the edge nodes, and the latter is the high latency for the data being transmitted from the edge to the cloud and back. One of the challenges for a digital forensic investigator facing a fog is the number of possible data locations, as the node functioning as the server processing data can be selected among several nodes in the network. An investigator typically has limited resources for an investigation; the more possible evidence locations, the more resources are required to collect and examine the data locations. A triage is thus needed to prioritize collecting and examining the evidence. This work analyzes measures that can identify which fog nodes are more likely to contain data, and it uses simulations to test the measures' precision and sensitivity. It aims for digital forensic investigators to maximize the utility of the available investigation resources, such that all relevant evidence is found on time.
Abie, Habtamu. (2023).
European Knowledge Hub and Policy Testbed for Critical Infrastructure Protection (EU-CIP). Forth and Norsk Regnesentral
NVA
Faglig foredrag
Abie, Habtamu. (2023).
Norwegian Ecosystem Secure IT-OT Integration at CSG kickoff. University of Jyväskylä
NVA
Faglig foredrag
Abie, Habtamu. (2023).
European Cluster for Securing Critical Infrastructures – ECSCI. Forth and Norsk Regnesentral
NVA
Faglig foredrag
Abie, Habtamu. (2023).
Norwegian Ecosystem for Secure IT-OT Integration (NESIOT). NR and NTNU
NVA
Faglig foredrag
Abie, Habtamu. (2023).
NESIOT (Norwegian Ecosystem for Secure IT-OT Integration). Forth and Norsk Regnesentral
NVA
Faglig foredrag
Abie, Habtamu. (2023).
The ECSCI Cluster Achievements.
NVA
Innledning
Vis sammendrag
The European Cluster for Securing Critical Infrastructures (ECSCI) is a cluster of EU funded R&D projects, kicked off during the H2020 Work Programme, derived by the needs and interests of projects and experts conducting research and innovation on critical infrastructures protection (CIP) and
resilience. Its initial objective and driving force are to create synergies and foster emerging disruptive solutions to security issues via cross-project collaboration and innovation.
The ECSCI cluster shares experiences and best practices about CIP in different sectors, consolidates and reflects a European approach for Cyber-Physical and Hybrid Threat Intelligence in the CIP domain, and focuses on research that protects and secures critical infrastructures and services respecting the differences between individual projects, such as the different approaches, sectors of interest, or target groups, while establishing tight and productive connections with closely related or complementary H2020 and HEU projects. This talk presents the achievements of the ECSCI cluster hitherto.
Abie, Habtamu. (2023).
The Future of the European Cluster for Securing Critical Infrastructures – ECSCI. EU-CIP Project & ECSCI Cluster
NVA
Faglig foredrag
Vis sammendrag
European Commission encourages collaboration among funded projects. The Liaison plan is to create the ECSCI (European Cluster for Securing Critical Infrastructures) cluster of EU projects dealing with cyber and physical security of critical infrastructures and underpinning complex architectures. The main high-level objectives of the ECSCI cluster are scientific collaboration, technical collaboration, communication & dissemination, stakeholder alliance, and marketplace. The presentation discusses the specific ECSCI objectives, the consolidation and reflection of a European approach for cyber-physical threat intelligence in critical infrastructure protection, collaboration & information sharing, the achievements of the cluster and its future and sustainability, and key takeaways.
Katsikas, Sokratis; Cuppens, Frédéric; Kalloniatis, Christos; Mylopoulos, John; Pallas, Frank; Pohle, Jörg; Sasse, Angela; Abie, Habtamu; Ranise, Silvio; Verderame, Luca; Cambiaso, Enrico; Vidal, Jorge Maestre; Monge, Marco Antonio Sotelo; Albanese, Massimiliano; Katt, Basel; Pirbhulal, Sandeep og Shukla, Ankur. (2023).
Computer Security. ESORICS 2022 International Workshops, CyberICPS 2022, SECPRE 2022, SPOSE 2022, CPS4CIP 2022, CDT&SECOMANE 2022, EIS 2022, and SecAssure 2022.
NVA
Vitenskapelig antologi/Konferanseserie
Abie, Habtamu og Pirbhulal, Sandeep. (2023).
CybAlliance WP2 Annual National and International Workshops Report 2023.
Abie, Habtamu og Pirbhulal, Sandeep. (2023).
CybAlliance WP2 Annual Mobility Report 2023.
Abie, Habtamu og Pirbhulal, Sandeep. (2023).
CybAlliance WP2 Annual Open Seminar Report 2023.
Pirbhulal, Sandeep; Abie, Habtamu; Shukla, Ankur og Katt, Basel. (2023).
A Cognitive Digital Twin Architecture for Cybersecurity in IoT-Based Smart Homes.
Vis sammendrag
Home Sensing Technology Conference paper
A Cognitive Digital Twin Architecture for Cybersecurity in IoT-Based Smart Homes
Sandeep Pirbhulal, Habtamu Abie, Ankur Shukla & Basel Katt
Conference paper
First Online: 09 April 2023
336 Accesses
Part of the Lecture Notes in Electrical Engineering book series (LNEE,volume 1035)
Abstract
Cognitive Digital Twin (CDT) is an extension of Digital Twin with cognitive capabilities to monitor and analyse complex and unforeseen behaviours and to ensure critical reasoning and decision-making. Thus, CDT has a potential for enhancing cybersecurity for the Internet of Things (IoT)-based applications such as smart homes. In this paper, we developed a conceptual CDT architecture for improving cybersecurity in smart homes with dynamic threat detection and mitigation capabilities. The proposed approach applies closed feedback loops between cognitive process and cybersecurity using artificial intelligence and machine learning techniques. This will allow continuous monitoring of security-related information and analytics with complex behaviours within a virtual environment. The developed approach allows security testing and simulation in the virtual world for prediction and anticipation of dynamic security threats. It also facilitates dynamic updates to the physical world of attack prevention strategies for the dynamic optimization of smart homes security. Finally, this paper discusses the applicability of the developed CDT architecture in other IoT-based critical sectors.
Gkotsis, Ilias og Abie, Habtamu. (2023).
ECSCI: European Cluster for Securing Critical Infrastructures.
NVA
Fagartikkel
Abie, Habtamu; Gugliandolo, Emilia; Jovanovic, Aleksandar og Soldatos, John. (2023).
EU-CIP: European Knowledge Hub and Policy Testbed for Critical Infrastructure Protection.
NVA
Fagartikkel
Abie, Habtamu; Ranise, Silvio; Verderame, Luca; Cambiaso, Enrico; Ugarelli, Rita Maria og Praça, Isabel. (2023).
CPS4CIP 2023 Preface - The 4th International Workshop on Cyber-Physical Security for Critical Infrastructures Protection.
Abie, Habtamu; Katsikas, Sokratis; Pirbhulal, Sandeep og Djupdal, Hanne Mari Solhaug. (2023).
SFI-NORCICS Norwegian Ecosystem for Secure IT-OT Integration (NESIOT) Kick-off. SFI NORCICS and NESIOT
NVA
Vitenskapelig foredrag
Abie, Habtamu; Gkotsis, Ilias; Athanatos, Manos; Ugarelli, Rita Maria; Čaleta, Denis; Lodi, Lorenzo; Peppo, Fabrizio Di og Jovanović, Aleksandar. (2023).
Consolidated Proceedings of the Second ECSCI Workshop on Critical Infrastructure Protection and Resilience.
Vis sammendrag
Modern critical infrastructures (or “critical entities” as now defined in the new EU-CER Directive) are becoming increasingly complex, turning into distributed, large-scale cyber-physical systems. Cyberphysical attacks are increasing in number, scope, and sophistication, making it difficult to predict their total impact. Thus, addressing cyber security and physical security separately is no longer effective, but more integrated approaches, that consider both physical security risks and cyber-security risks, along with their interrelationships, interactions and cascading effects, are needed to face the challenge of combined cyber-physical attacks. Addressing them successfully, need coordinated and integrated responses, which must be disseminated and exploited further to the EU funded projects’ frameworks or individual research studies’ reports, through raising awareness initiatives, such as the 2nd ECSCI Workshop on CIP.
This workshop presented the different approaches on integrated (i.e., cyber and physical) security in several different industrial sectors, such as finance, healthcare, energy, air transport, communications, industrial plants, gas, and water. The peculiarities of critical infrastructure protection in each one of these sectors have been discussed and addressed by the different projects of the ECSCI cluster that presented their outcomes, discussing the technical, ethical and societal aspects and the underlying technologies.
Specifically, novel techniques have been presented for integrated security modelling, IoT security, artificial intelligence for securing critical infrastructures, resilience of critical infrastructures, ethical and legal aspects of cybersecurity, combating hybrid threats to critical infrastructure, cyber and physical threats detection, increased automation for detection, prevention and mitigation measure, information and knowledge sharing, standards and regulations for the protection of critical infrastructures, common platforms for cascading effects on the different critical infrastructures, combined safety and security solutions, cyber security awareness, and the landscape of advanced combined cyber and physical threats.
The workshop included three opening remarks, three keynote speeches, twenty-one project presentations, two roundtable and panel discussions, twenty-one thematic presentations, and closing remarks. The audience included scientists and experts in the field of critical infrastructure protection, CISOs, CIOs, CERTs, CSIRTs, CSOs, cyber and physical security experts representing different sectors and policy makers for critical infrastructure protection.
Katsikas, Sokratis; Lambrinoudakis, Costas; Cuppens, Nora; mylopoulos, John; Kalloniatis, Christos; Meng, Weizhi; Furnell, Steven; Pallas, Frank; Pohle, Jörg; Sasse, Angela; Abie, Habtamu; Ranise, Silvio; Verderame, Luca; Cambiaso, Enrico; Vidal, Jorge Maestre og Monge, Marco Antonio Sotelo. (2022).
Computer Security. ESORICS 2021 International Workshops
CyberICPS, SECPRE, ADIoT, SPOSE, CPS4CIP, and CDT&SECOMANE, Darmstadt, Germany, October 4–8, 2021, Revised Selected Papers.
NVA
Vitenskapelig antologi/Konferanseserie
Abie, Habtamu og Pirbhulal, Sandeep. (2022).
5G-Enabled IoT for IT-OT Integration. Norsk Regnesentral
NVA
Vitenskapelig foredrag
Abie, Habtamu og Pirbhulal, Sandeep. (2022).
Focus Area 1-IT and OT Integration. NTNU Campus Gjøvik
NVA
Vitenskapelig foredrag
Pirbhulal, Sandeep; Abie, Habtamu; Jullum, Martin; Nielsen, Didrik og Løland, Anders. (2022).
AI/ML for 5G and Beyond Cybersecurity.
NVA
Rapport
Sodhro, Ali Hassan; Lakhan, Abdullah; Pirbhulal, Sandeep; Grønli, Tor-Morten og Abie, Habtamu. (2022).
A Lightweight Security Scheme for Failure Detection in Microservices IoT-Edge Networks.
NVA
Vitenskapelig foredrag
Vis sammendrag
Nowadays, microservices-based applications such as E-Business, E-Healthcare, 3D-Gaming,
and Augmented Reality has latterly drawn attention in the research area. The microservices enabled
applications are different from traditional monolithic
applications with the high demand of security and fault
detection, therefore, a lightweight secure and failure detection enabled schemes widely required for
the new applications. This paper proposes a new
lightweight microservices mobile cloud (Mob-Cloud)
the framework that replaces the heavyweight virtual
machine (VM) based on mobile cloud computing
(MCC). The study devises MFHE (Modified Fully
Homomorphism Encryption) and WATFA (Workload
Assignment Transient Fault Aware) schemes to deal
with security and failures. Simulation results show
that the proposals are practical for the considered
problem
Abie, Habtamu. (2022).
Norwegian Ecosystem for Secure IT-OT Integration (NESIOT). Vilija Balionyte-Merle, SINTEF
NVA
Faglig foredrag
Pirbhulal, Sandeep og Abie, Habtamu. (2022).
NORCICS D3.6.2.22: Requirements and specification for dynamic risk assessment in 5G-enabled IoT.
NVA
Rapport
Abie, Habtamu og Pirbhulal, Sandeep. (2022).
NORCICS D3.6.1.22: Report on strategies and specification for cybersecurity scenarios for 5G-enabled IoT.
NVA
Rapport
Katsikas, Sokratis; Lambrinoudakis, Costas; Cuppens, Nora; Mylopoulos, John; Kalloniatis, Christos; Meng, Weizhi; Furnell, Steven; Pallas, Frank; Pohle, Jörg; Sasse, Angela; Abie, Habtamu; Ranise, Silvio; Verderame, Luca; Cambiaso, Enrico; Vidal, Jorge Maestre og Monge, Marco Antonio Sotelo. (2022).
Computer Security. ESORICS 2021 International Workshops.
Sodhro, Ali Hassan; Lakhan, Abdullah; Pirbhulal, Sandeep; Grønli, Tor-Morten og Abie, Habtamu. (2022).
A Lightweight Security Scheme for Failure Detection in Microservices IoT-Edge Networks.
Vis sammendrag
Nowadays, microservices-based applications such as E-Business, E-Healthcare, 3D-Gaming, and Augmented Reality have latterly drawn attention in the research area. The microservices enabled applications are different from traditional monolithic applications with high demand of security and fault detection, therefore, a lightweight secure and failure detection enabled schemes widely required for the new applications. This paper proposes a new lightweight microservices mobile cloud (Mob-Cloud) framework that replaces the heavyweight virtual machine (VM) based on mobile cloud computing (MCC). The study devises MFHE (Modified Fully Homomorphism Encryption) and WATFA (Workload Assignment Transient Fault Aware) schemes to deal with security and failures. Simulation results show that the proposals are practical for the considered problem.
Trcek, Denis; Abie, Habtamu og Skomedal, Åsmund. (2022).
Adaptive Safety for Internet of Things in e-Health.
Vis sammendrag
Wireless pervasive computing devices are rapidly penetrating our environments, where e-Health is among the most critical ones. In the e-Health environment it is not only important to address security and privacy issues (which are usually in the focus), but also safety needs for appropriate treatment. With an increasing proportion of pervasive (smart dust) devices which lack computing power, security, privacy, and safety provisioning in such environments is a demanding task - not to mention additional requirement about their adaptive provisioning. However, some twenty years ago an interesting research branch in computing domain appeared, called trust management. This branch is considered as a very handy alternative to support traditional hard security and privacy approaches. It is, therefore, often referred to as soft security (privacy) provisioning mechanism. As trust is inherently adaptive and as security and safety are much related, this paper presents a new approach where trust management is deployed in e-Health environments to enable adaptive safety provisioning. This paper also introduces a trustworthiness calculation framework that extends trust management methods with a comparative analysis of computational trust in Internet of Things (IoT).
Abie, Habtamu; Schulz, Trenton og Savola, Reijo. (2022).
Adaptive Security and Trust Management for Autonomous Messaging Systems.
Vis sammendrag
With society's increased dependence on information communication systems, the need for dependable, trustable, robust, and secure adaptive systems becomes ever more acute. Modern autonomic message-oriented middleware platforms have stringent requirements for self-healing, adapting, evolving, fault-tolerance, security, and active vulnerability assessment, especially when the internal working model of a system and the environmental influences on the system are uncertain during run-time. In this paper, we present an adaptive and evolving security approach, and adaptive trust management approach to autonomous messaging middleware systems. This approach learns, anticipates, evolves, and adapts to a changing environment at run-time in the face of changing threats. The approach combines adaptive risk-based security, trust-based security, and security-based trust: the resultant supra-additive synergy improves and increases the strength of security and the degree of trust in the system. The approach also integrates different metrics, assessment tools, and observation tools that improve and increase the assessability and verifiability of the trustworthiness of the system. Validation of results is through industrial case studies and end-user assessment.
Hamdi, Mohamed; Pirbhulal, Sandeep og Abie, Habtamu. (2022).
A Homomorphic Digital Signature Scheme for the Internet of Things.
Vis sammendrag
In this paper, we address the problem of compatibility between digital signature schemes and in-network aggregation approaches. In the IoT world, the gateways alter the signed network flows when performing in-network aggregation. Therefore, existing conventional approaches are not suitable for verifying the authenticity of the original flows. This raises the need for energy-effective and secure schemes that enable the destination to validate aggregated network flows. In this regard, a lightweight homomorphic signature scheme is proposed which supports the implementation of aggregation procedures without affecting the verification process. We demonstrate the unforgeability and the privacy of our scheme. We also perform an analytical study of its energy-efficiency. The results suggest that the proposed scheme considerably decreases the processing overhead of the existing set-homomorphic signature schemes. Moreover, it does not add any communication overhead to traditional (non-homomorphic) signature schemes. This, in turn, improves the energy consumption by 30% compared to existing homomorphic signature techniques.
Pirbhulal, Sandeep; Abie, Habtamu; Shukla, Ankur og Katt, Basel. (2022).
A Cognitive Digital Twin Architecture for Cybersecurity in IoT-based Smart Homes. Macquarie University
NVA
Vitenskapelig foredrag
Abie, Habtamu. (2022).
European Cluster for Securing Critical Infrastructures (ECSCI) at ENSURESEC Final Conference. INOV
NVA
Faglig foredrag
Abie, Habtamu. (2022).
European Cluster for Securing Critical Infrastructures (ECSCI) at The 2nd ECSCI Virtual Workshop. ECSCI Cluster
NVA
Faglig foredrag
Abie, Habtamu; Ranise, Silvio; Verderame, Luca; Cambiaso, Enrico; Ugarelli, Rita Maria og Praça, Isabel. (2022).
CPS4CIP 2022 Preface - 3rd Cyber-Physical Security for Critical Infrastructures Protection.
Pirbhulal, Sandeep; Abie, Habtamu og Shukla, Ankur. (2022).
Towards a Novel Framework for Reinforcing Cybersecurity using Digital Twins in IoT-based Healthcare Applications.
Vis sammendrag
In recent years, the cybersecurity attacks on the internet of things (IoT)-based healthcare systems became the major concern for researchers and health organizations. With time, the sophistication of these attacks is increasing. Therefore, healthcare service providers must implement efficient security mechanisms carefully while taking the advantages of connected devices without compromising the patient safety and disturbing the real-time health services. A digital twin (DT) is a virtual representation of a real-time counterpart of a physical world. DT offers significant advantages to cybersecurity experts, empowering them to predict risks without entering the physical world, and to simulate and test cyber-attacks that would otherwise be infeasible to do in real-time in the physical environment. DT in healthcare helps to identify security vulnerabilities, conduct attack simulations, and potential security breaches by creating a virtual replica of the targeted healthcare systems. In this paper, a novel and automated conceptual framework is developed for reinforcing the cybersecurity in IoT-based healthcare using DT technology. It includes the conceptualization and analysis of the proposed framework which can provide dynamic and adaptive security solution to identify real-time threats and vulnerabilities in IoTbased healthcare applications.
Sandvik, Jens-Petter; Franke, Katrin; Abie, Habtamu og Årnes, Andrè. (2022).
Quantifying data volatility for IoT forensics with examples from Contiki OS.
Vis sammendrag
Forensic investigations are often conducted under limited resource availability such as time, equipment, and people. As data acquisition is resource-demanding already, a higher emphasis needs to be put on prioritizing the investigative steps to optimize the probability of collecting the relevant evidence. Data volatility measures how quickly data disappears from a system and is an essential part of assessing the likelihood of collecting the most valuable evidence. An investigator can use a model for the volatility to estimate the probability of the existence of evidence. This work motivates and details a model for data volatility and exemplifies it for the Coffee File System used in Contiki OS, an operating system for IoT devices. We conducted experiments to test how well the model corresponds to the collected simulated data and cross-validate the model with observations from file system operations. The results revealed that an approximated model based on the known workings of the file system underestimated the volatility. While there are many sources describing volatility qualitatively, there is little research on quantitative volatility, and this paper is a stepping stone to understanding a quantitative approach to evidence volatility.
Sandvik, Jens-Petter; Franke, Katrin; Abie, Habtamu og Årnes, Andrè. (2021).
Coffee forensics — Reconstructing data in IoT devices running Contiki OS.
Vis sammendrag
The ability to examine evidence and reconstruct files from novel IoT operating systems, such as Contiki with its Coffee File System, is becoming vital in digital forensic investigations. Two main challenges for an investigator facing such devices are that (i) the forensic artifacts of the file system are not well documented, and (ii) there is a lack of available forensic tools. To meet these challenges, we use code review and an emulator to gain insight into the Coffee file system, including its functionality, and implement reconstruction of deleted and modified data from extracted flash memory in software. We have integrated this into a forensic tool, COFFOR, and analyzed the Coffee File System to reconstruct deleted and modified files. This paper presents an overview of the artifacts in the file system and implements methods for the chronological ordering of the deleted file versions, and discusses these methods’ limitations. Our results demonstrate that forensic acquisition and analysis of devices running the Contiki operating system can reveal live and deleted files, as well as file version history. In some cases, a complete, chronological ordering of the version history can be reconstructed.
Abie, Habtamu. (2021).
Predictive Analytics for Cyber-Physical Threat Intelligence in Financial Sector Infrastructures. H2020 FINSEC, SOTER and FIN-TECH projects
NVA
Faglig foredrag
Abie, Habtamu. (2021).
Machine Learning as an Enabler for Cyber-Physical Security. ASSENTIAN LIMITED
NVA
Faglig foredrag
Soceanu, Omri; Adir, Allon; Aharoni, Ehud; Greenberg, Lev og Abie, Habtamu. (2021).
A Cloud-Based Anomaly Detection for IoT Big Data.
Vis sammendrag
Security of IoT systems is a growing concern with rising risks and damages due to successful attacks. Breaches are inevitable, attacks have become more sophisticated, and securing critical infrastructure has become a greater challenge. Anomaly detection is an established approach for detecting security attacks, without relying on predefined rules or signatures of potential attacks. However, existing outlier detection techniques require adaptation if they are to be applied in a Big Data cloud context. We describe a novel outlier detection solution, which is currently being used by hundreds of customers with highly variable data scales. We describe our work in adapting this technology to handle IoT on a Big Data cloud setting. Specifically, we focus on efficient outlier analysis and managing large numbers of alerts using automatically controlled alert budgets.
Abie, Habtamu; Ranise, Silvio; Verderame, Luca; Cambiaso, Enrico; Ugarelli, Rita; Giunta, Gabriele; Praça, Isabel og Battisti, Federica. (2021).
Cyber-Physical Security for Critical Infrastructures Protection.
NVA
Vitenskapelig antologi/Konferanseserie
Vis sammendrag
This book constitutes the refereed proceedings of the First International Workshop on Cyber-Physical Security for Critical Infrastructures Protection, CPS4CIP 2020, which was organized in conjunction with the European Symposium on Research in Computer Security, ESORICS 2020, and held online on September 2020.
The 14 full papers presented in this volume were carefully reviewed and selected from 24 submissions. They were organized in topical sections named: security threat intelligence; data anomaly detection: predict and prevent; computer vision and dataset for security; security management and governance; and impact propagation and power traffic analysis.
The book contains 6 chapters which are available open access under a CC-BY license.
Soceanu, Omri; Greenberg, Lev; Adir, Allon; Aharoni, Ehud og Abie, Habtamu. (2021).
Anomaly Detection for Critical Financial Infrastructure Protection.
Vis sammendrag
Anomaly detection is a family of analytical techniques that identifies and learns typical properties of a system and reports significant deviations from the typical system’s normal properties as outliers. The anomaly detection techniques can provide protection from new zero-day attacks whenever these attacks lead to deviations from typical behaviours of the system, and do not require a balanced training set in which both malicious and benign events are equally represented. These techniques are better fit for real industrial systems where malicious events are much rarer
than benign events. They are important tools to detect abnormalities in the critical financial infrastructures and services. The FINSEC project has developed scalable
anomaly detection for cyber-physical integrated security using physical (e.g., cameras) and cyber probes (e.g., Skydive, IDS [Intrusion Detection Systems], etc.).
Boudko, Svetlana; Abie, Habtamu; Nigussie, Ethiopia og Savola, Reijo. (2021).
Towards Federated Learning-based Collaborative Adaptive Cybersecurity for Multi-microgrids.
Vis sammendrag
Multi-microgrids (MMGs) provide economic and environmental benefits to society by improving operational flexibility, stability and reliability of a smart grid. MMGs have greater complexity than conventional power networks due to the use of multiple infrastructures, communication protocols, controllers, and intelligent
electronic devices. The distributed and heterogeneous connectivity technologies of the MMGs and their need to exchange information with external sources as well as the vulnerabilities in the communication networks and software-based components, make MMGs susceptible to cyberattacks. In this work, we present a conceptual framework for collaborative adaptive cybersecurity that is able to proactively detect security incidents. The framework utilizes federated learning for collaborative training of shared prediction models in a decentralized manner. The methodology used in this research is mainly analytical. This involves analysis of how the principles of a collaborative adaptive cybersecurity can be applied to the MMG environments resulting in the development of theoretical models which can then be validated in practice by prototyping and using real time simulation.
Boudko, Svetlana; Abie, Habtamu; Boscolo, Mirna og Ferrario, Davide. (2021).
Predictive Analytics Service for Security of Blockchain and Peer-to-Peer Payment Solutions.
Vis sammendrag
The blockchain and Peer-To-Peer Payment solutions become adopted by financial institutions. While these changes bring significant service benefits they also increase the risks and vulnerabilities of the financial services. In this paper, we investigate, develop, and evaluate machine learning (ML) algorithms for predicting attacks on blockchain nodes and a Peer to Peer payment system. We have evaluated a set of machine learning algorithms that include classifica-tion ML algorithms from the scikit-learn library. We demonstrate that the pro-posed solution is able to predict cyber-physical attacks close to 100% accuracy. We have implemented a service prototype as a proof of concept. The prediction is done based on the collected data of the blockchain and peer-to-peer payment nodes. For the evaluation of the algorithms, a set of highly reputable classifica-tion metrics has been selected and applied.
Pirbhulal, Sandeep og Abie, Habtamu. (2021).
Digital Twins for Enhancing Cybersecurity in Smart Homes.
NVA
Rapport
Abie, Habtamu; Ferrario, Davide; Troiano, Ernesto; Soldatos, John; Peppo, Fabrizio Di; Jovanović, Aleksandar; Gkotsis, Ilias og Markakis, Evangelos. (2021).
Consolidated Proceedings of the first ECSCI Workshop on Critical Infrastructure Protection, Virtual Workshop, June 24–25, 2020.
Vis sammendrag
Modern critical infrastructures (“critical entities” in the terminology of the new EU-CER Directive) are becoming increasingly complex, turning into distributed, large-scale cyber-physical systems. Cyber-physical attacks are increasing in number, scope, and sophistication, making it difficult to predict their total impact. Thus, addressing cyber security and physical security separately is no longer effective, but more integrated approaches, that consider both physical security risks and cyber-security risks, along with their interrelationships, interactions and cascading effects, are needed to face the challenge of combined cyber-physical attacks. To face them successfully, aligned and integrated responses are needed, and this workshop has provided a great opportunity to do it: aligning and integrating not only the positions of single projects but also of many intended users of their results. This workshop presented the different approaches on integrated (i.e., cyber and physical) security in seven different industrial sectors, such as finance, healthcare, energy, air transport, communications, industrial plants, gas, and water. The peculiarities of critical infrastructure protection in each one of these sectors have been discussed and addressed by the different projects of the ECSCI cluster that presented their outcomes, discussing the technical, ethical and societal aspects and the underlying technologies. Specifically, novel techniques have been presented for integrated security modelling, IoT security, artificial intelligence for securing critical infrastructures, resilience of critical infrastructures, distributed ledger technologies for security information sharing and increased automation for detection, prevention and mitigation measures. The workshop included two opening remarks, two keynote speeches, 11 project presentations, 2 roundtable and panel discussions and 10 thematic presentations. The audience included scientists and experts in the field of critical infrastructure protection, CISOs, CIOs, CERTs, CSIRTs, CSOs, cyber and physical security experts representing different sector and policy makers for Critical Infrastructure protection.
Abie, Habtamu; Ranise, Silvio; Verderame, Luca; Cambiaso, Enrico; Ugarelli, Rita Maria; Giunta, Gabriele; Praça, Isabel og Battisti, Federica. (2021).
CPS4CIP 2020 Preface - Cyber-Physical Security for Critical Infrastructures Protection.
Boudko, Svetlana og Abie, Habtamu. (2020).
Predictive Analytics Service for Security of Blockchain and Peer-to-Peer Payment Solutions. iCatse
NVA
Vitenskapelig foredrag
Abie, Habtamu og Boudko, Svetlana. (2020).
Anticipatory Adaptive Security for IoT-based Smart Grids Infrastructure and Value-added Services.
Vis sammendrag
The report describes the research and development of adaptive security addressing the protection of "IoT-based smart grids" against evolutionary threats and attacks through the prediction and advanced behavioural analysis of big data from IoT Smart Grids by automating prevention, detection, and recovery from the failures of security and privacy protections at run-time and by re-configuring control parameters and security goals.
Savola, Reijo; Kylänpää, Markku og Abie, Habtamu. (2020).
Risk-driven security metrics for an Android smartphone application.
Vis sammendrag
Security management in Android smartphone platforms is a challenge.
This challenge can be overcome at least partially by developing systematically
risk-driven security objectives and controls for the target system, and determining
how to offer sufficient evidence of its security performance via metrics. The target
system of our investigation is an Android platform utilised for public safety and
security mobile networks. We develop and analyse the security objectives and
controls for these systems based on a technological risk analysis. In addition,
we investigate how effective and efficient security metrics can be developed
for the target system, and describe implementation details of enhanced security
controls for authentication, authorisation, and integrity objectives. Our analysis
includes implementation details of selected security controls and a discussion
of their security effectiveness. It also includes conceptualisation and description
of adaptive security for an Android platform which can improve the flexibility
and effectiveness of these security controls and end-users confidence in service
providers.
Abie, Habtamu. (2020).
The European Cluster for Securing Critical Infrastructures (ECSCI): Objectives, Success Stories, and Takeaways. ECSCI-European Cluster for Securing Critical Infrastructures
NVA
Faglig foredrag
Vis sammendrag
The European Cluster for Securing Critical infrastructures (ECSCI) is a cluster of H2020 projects for securing critical infrastructures. Its main objective is to bring about synergetic, emerging disruptive solutions to security issues via cross-projects collaboration and innovation. The cluster will research how to protect critical infrastructures and services, highlighting differences (approaches, sectors of interest, etc.) between the clustered projects and establishing tight and productive connections with closely related and complementary H2020 projects. The presentation highlights the ECSCI liaison plan, specific objectives, cluster members, success stories, and takeaways.