Cyber Security Accelerator for trusted SMEs IT Ecosystems
June 01, 2017 to May 31, 2020
Even though small and medium enterprises (SMEs) are repeatedly targeted by cyber-criminals, they are seldom adequately prepared for such attacks. The ways in which the enterprises' systems are attacked are constantly changing and evolving, which makes intrusion detection extremely complicated and cost-intensive. At the same time, the number of cyber-attacks carried out is growing continuously; appropriate protection is therefore a must for SMEs.
The FORTIKA project contributes to reducing the overall risk of cyber-crime against SMEs. SMEs should be able to react appropriately to attacks and incidents without having to invest a lot of resources themselves to secure their systems against external attacks. FORTIKA therefore follows a security-by-design hybrid approach, which provides protection based on hardware and software at the same time. A central outcome of the research and development work of the FORTIKA project is the 40SEC (FORTISEC) testbed. Although 40SEC was developed to protect SME networks, it can be used in other contexts.
Improving Intrusion Detection Systems in Smart Cities
Cloud computing and the virtualization of network functions have given rise to attractive new opportunities for the provision and management of a variety of services. Unfortunately, applications in the area of the Internet of Things (IoT), including Industry 4.0 as well as connected cars, cannot yet make full use of those new opportunities, as not all conditions for the complete detection of intrusions have been met.
Security as a Service (SaaS) solutions are cloud-based security concepts. SaaS solutions must meet the requirements of an increasingly networked world: one of the main issues is the performance of the SaaS systems, which are confronted with constantly increasing amounts of data, yet must also function reliably. Intrusion detection has traditionally been carried out partly by hardware and partly by software techniques. However, a combination of those two techniques seems to be a better solution: an intrusion detection system based on a field programmable gate array (FPGA) for edge and fog computing would combine the benefits of FPGA acceleration with the benefits of edge and fog computing, such as the significantly lower volumes of data needed.
The FORTISEC (40SEC) testbed was set up using a network security appliance, which allows a number of modules to be combined to offer a reactive Intrusion Detection System. The implementation is virtual, flexible, and accelerated by FPGA, and can therefore also run on devices with limited hardware resources. Further, 40SEC can be used to analyze non-encrypted as well as encrypted traffic.
Functions and services
- Lightweight implementation, which runs in Docker containers
- Highly flexible and simple configuration
- Ability to detect different network attacks, such as DoS flooding, port scans, brute-force attacks, Ping of Death and others
- FPGA acceleration, allowing the use of faster multi-pattern search algorithms, such as Wu-Manber and Aho-Corasick
- Analysis of encrypted traffic using TLS termination, TLS client/server fingerprints and machine learning
The 40SEC testbed was originally developed as a reliable and cost-efficient network security application for SMEs within the FORTIKA Project.
Additionally, it can be utilized in a number of other environments, such as connected cars or edge computing security.
The FORTIKA project unites a total of 16 partners from Germany, Italy, Spain, Great Britain, Ireland, Belgium, Slovenia, Bulgaria and Greece. The project is funded by the HORIZON2020 framework program of the EU. FORTIKA starts on 1 June, 2017 and will run for three years.