Periodic Reporting for period 2 - PROTASIS (Restoring Trust in the cyber space: a Systems Security Proposal) Período documentado: 2018-05-01 hasta 2020-04-30 Resumen del contexto y de los objetivos generales del proyecto The main problem addressed in this project is the erosion of our security and privacy in cyberspace. As more and more aspects of our everyday lives move into cyberspace, they may open new vulnerabilities and increase our potential attack surface. For example, although using digital maps and digital assistants provides users with convenient real-time directions to their destination, at the same time, it may reveal the users’ location and may compromise the users’ privacy. Similarly, although using web banking is more convenient than waiting in line in a real bank, it may make users more susceptible to phishing attacks and financial malware. One can find countless examples of how our move from the traditional physical world into its digital equivalent may compromise the users’ security and privacy. We feel that securing our new and emerging digital lives is getting increasingly important for our society and especially for the Digital Single Market. Indeed, if the cyberspace is not secure, or, to make matters worse, if the cyberspace ends up being really dangerous, people, and possibly their business, will just slowly move away from it. As a result, the Digital Single Market will not be able to reach its full potential. With an eye towards cybersecurity, the overall objective of the project is to improve European Expertise in the area of cybersecurity and privacy through International and Intersectoral secondments to top academic and Industrial partners in Europe and US. The secondments implemented in this project have not only increased European Expertise (as can be seen by the number of top scientific publications), but have also resulted in stable international and inter-sectoral collaborations which are bound to last well beyond the end of the project. Trabajo realizado desde el comienzo del proyecto hasta el final del período abarcado por el informe y los principales resultados hasta la fecha From the beginning of the project till the end of this reporting period we implemented twenty secondments: twenty face-to-face multi-month collaborations between Academia and Industry, and/or between the partners of the project and world-leading teams in top US Universities including MIT, Columbia, University of California, Stony Brook, etc. We can group the work in three major pillars: • Privacy: understanding privacy, protecting privacy, recent attacks to privacy, web tracking in paid and free services. In this project we showed how privacy is compromised and what mechanisms are being used to achieve this compromization. We showed what new tricks entities may use in order to be able to track users on the Internet. • Cyberattacks: We covered several topics including cookie synchronization, cryptocurrency mining, similar-looking domain names, VPN misconfigurations, etc. We showed how hardware bugs can be triggered to attack software (Rowhammer) and what can be done to defend against it. We showed how to attack devices ranging from industrial robots to ordinary smartphones. We even showed how malicious web sites can force users to mine cryptocurrency without really “compromising” them. But most important of all, we made contributions towards understanding the evolving nature of malware. In the “good old days” identifying whether a piece of code was malware was crystal clear: malware was produced by shady organizations that clearly attacked users. Today software has evolved in such sophisticated ways that the line between good software and malware has become significantly blurred. • Defenses: We covered several topics including code randomization, detection of code vulnerabilities, anomaly detection, etc. We showed how to defend against hardware bugs such as rowhammer. We showed how to defend against privacy attacks that funnel user’s fata to third parties. We showed how to increase our defenses by installing honeypots for industrial control systems.The project has also been very active in disseminating and communicating its results. • The researchers published more than twenty publications in well-known conferences. (https://www.protasis.eu/publications/) • The project organized two Summer Schools in 2018 and 2019 in collaboration with KTH in Sweden. • In addition to the conferences presentations, the project participants gave more than 30 talks in various venues including workshops, invited talks etc. (https://www.protasis.eu/presentations/) • The project organized an IoT workshop at a Dagstuhl https://www.dagstuhl.de/en/program/calendar/evhp/?semnr=17143 The project has also created a number of exploitable results. Some of these include: • The work of one of the secondments contributed to a patent tiled “Computing device with increased resistance against rowhammer attacks”. This result can be exploited mainly by manufacturers who would like to develop products that are robust against rowhammer and similar attacks. • A cryptocurrency mining detection tool. This tool can be useful to researchers and security practitioners who are active in the area of cryptocurrency mining. The tool is available at https:// github.com/vusec/minesweeper• All the published papers are available on-line. They can be used by researchers and practitioners to further enhance the state of the art. Avances que van más allá del estado de la técnica e impacto potencial esperado (incluida la repercusión socioeconómica y las implicaciones sociales más amplias del proyecto hasta la fecha) The work was highly innovative as can be seen from the publications which were produced.The project research spans over a broad set of current cybersecurity challenges. Research from the project has tackled privacy and security issues related to advertisement and web tracking, for instance, as well as broader issues of privacy and anonymity on the web.Another large body of research from the project dealt with cyber-physical systems and IoT security issues, in particular in critical fields such as automotive security and Industry 4.0Finally, many research efforts have been devoted to offensive security research, developing new attack techniques (with a persistent attention to mobile security and to hardware attacks such as Rowhammer) and new exploitation mechanisms, and corresponding security protection techniques.When we started this project we wanted to have an impact along two dimensions: • To enhancing research- and innovation-related human resources, skills and working conditions, to realise the potential of individuals, and to provide new career perspectives organisations• To develop new and lasting research collaborations, to achieve transfer of knowledge between research institutions, and to improve research and innovation potential at the European and global levelsWe believe that the impacts have been fully achieved: • A new generation of European researchers has received skills in research and innovation in European industry and in leading Universities in the States in the area of Cyber Security.• These researchers had the opportunity to work at state-of-the-art labs, collaborate with the top scientists/practitioners in their fields and perform at their best under excellent working conditions• Having worked in such environments, they had the opportunity to realize their full potential, to create a far-reaching network and to have a wider option for new career opportunities• The research collaborations that started with one secondment usually continued for several months (and in some cases) for several years after the secondment. This essentially turned a short-term secondment into a long-lasting collaboration between organizations. This collaboration gave rise to new papers, new projects, and new research.