Track F: Security and Safety for Critical Terminals and Applications
Today, more and more critical applications are controlled from user terminals. These can be SCADA terminals controlling critical infrastructures in the transport or process industry, or IT systems in health, but even a normal smart phone serves as a terminal in critical applications, e.g. tele banking.
While making those systems operate reliably under normal conditions is hard enough (and discussed in the field of safety), ensuring their continued and correct operation under dedicated attacks by malicious parties is even more challenging. A weak point that is often forgotten is the human operator in combination with the man-machine interface. User terminals that control critical applications are vulnerable to attacks when a legitimate controller leaves his position, when he leaves a smart phone unattended, or when he is overpowered by an attacker. In these cases attackers can take over the terminal and have full access to the application. Standard solutions that rely on repeated password-based authentication are neither fail-safe nor user-friendly. Humans also pose a safety risk if they lose concentration while controlling an application that may require human intervention in risky situations.
In this track of the Twente Student conference on ICT, we want to address the issues of security and safety in critical terminals and applications, while focusing on the human operator.
Students are invited to analyze both sides of the coin: insecurity, threats and attacks on today’s terminals as well as potential solutions and security and safety mechanisms. Possible solutions can be found in applying biometric authentication at logon time in combination with ongoing biometric authentication during operation. Various types of biometrics can be exploited: stronger ones, such as facial recognition in 2D and 3D, iris recognition and fingerprint recognition, as well as weaker ones, such as keystroke dynamics and behavioural biometrics. In addition, the presence of sensors (cameras, keyboard) can be used to monitor attention by measuring the response to explicit or implicit challenges.
For the 18th Twente Student conference on ICT we would like to receive papers that pose and investigate research questions on “Security and Safety for Critical Terminals and Applications”. Because of the variety of solutions, the possible dependencies between them and the possible advantages of combining them, teamwork is preferred.
Topics addressed by this track include (but are not limited to):
• Integrated security and safety architectures for SCADA terminals, including biometric authentication and attention monitoring.
• Integrated security and safety architectures for smart phones, including biometric authentication and attention monitoring.
• Integrated security and safety architectures for medical terminals, including biometric authentication and attention monitoring.
• Implementation and evaluation of ongoing biometric authentication of a terminal based on an (off-the-shelf) face recognition system.
• Analysis of keystroke dynamics as an ongoing authentication mechanism for critical terminals.
• Spoofing attacks on critical terminals protected by biometrics, and countermeasures.
• Developing and implementing attention games (either hidden or explicit) that monitor the attention of the user.
We are searching for additional, inspiring and creative topics that think outside of the box and that are appropriate for the problem at hand. You are invited to discuss early ideas with the track chairs for guidance. We highly appreciate proposals that are not pure paperwork but include some practical aspects as well. A paper can focus on one topic or on a combination of topics.
There are many textbooks on biometrics, but there is not much material on SCADA-like systems. An example is: Fernandez, J. and Fernandez, A. SCADA systems: vulnerabilities and remediation. Journal of Computing Sciences in Colleges, 20(4):160-168, 2005. Students are also encouraged to search for sources outside typical publication means.
Further information on security and safety topics can be found by using "Google Scholar" (http://scholar.google.com/), the ACM DL (http://www.acm.org/dl/), and IEEE Xplore (http://ieeexplore.ieee.org/) plus appropriate search terms.
For further information on the content of this track, you may contact the track chair Raymond Veldhuis, R.N.J.Veldhuis@utwente.nl. For any information on the conference organisation, please contact the conference chair on firstname.lastname@example.org.