Periodic Reporting for period 1 - SANCUS (SANCUS: analysis software scheme of uniform statistical sampling, audit and defence processes) Reporting period: 2020-09-01 to 2022-02-28 Summary of the context and overall objectives of the project The SANCUS project involves 15 Partners from 8 European countries, and aims to design and develop an analySis software scheme of uNiform statistiCal sampling, aUdit and defence proceSses (SANCUS – an Roman god of trust). The main idea draws on formalising the logic of expressing (for the first time) the notions of cyber security and digital privacy by means of final formulas and fuse them into optimisation strategies to acquire the truly optimum defence recommendation in dynamic manner, i.e. with respect to the runtime changes of the telecommunications network environment. In this respect, SANCUS will dimension new inclusive Key Performance Indicator metric, namely, the security‐vs‐privacy‐vs‐reliability efficiency trade‐off,The SANCUS project has established the following set of specific and measurable objectives:Objective #1: To identify and classify the technical requirements and the EU SELP policy aspects for designing, developing and integrating the proposed system platform and the intended engines, mechanisms and tools. Objective #2: To design and verify new method of automated firmware security validation (FiV) and testing based on wide-ranging pipeline of analysers and samplers for maximising the surface of vulnerability and risk discovery.Objective #3: To design and develop new method of automated code integrity verification (CiV) by combining taint, fuzzing and symbolic execution analysis for improving security assessment accuracy, efficiency and searching speed.Objective #4: To design and develop new method of automated network security validation and verification (SiD) focusing on open-source network development environments based on Docker and Kubernetes technologies.Objective #5: To design and develop new network attack configuration and emulation tool (AcE) using state-of-the-art AI/ML techniques for emulating complex cyber-attacks and generating traffic in container environments.Objective #6: To propose revolutionary MiU modelling of the IoT unit for expressing the trade-off between cyber security, digital privacy and QoS reliability by means of final formulas using utility, probability and fitness function theories.Objective #7: To design game implicit optimisation (GiO) approach for maximising the security-vs-privacy-vs-reliability efficiency subject to the outcomes of Objectives #2-#6 using effective duality-free solution methodsObjective #8: To design and establish operational cloud‐native network testbed prototype platform that integrates the enabling 5G technologies and the engines, mechanisms, tools, solutions developed in Objectives #2 to #7.Objective #9: To test and demonstrate the effectiveness, efficiency and complexity of the developed system network and each of its engines, mechanisms and tools by performing thorough testing using specific use case scenarios.Objective #10: To communicate and disseminate the project outcomes, exploit business planning of the outcomes, and contribute specific project outcomes to relevant standardisation bodies. Work performed from the beginning of the project to the end of the period covered by the report and main results achieved so far Since the beginning of the project, the consortium have pursued a set of activities to analyse and model the security tradeoffs in 5G networks going from firmware and code security to automated network monitoring, validation and verification.The main achievements during this period are the following:- Use cases definition and scenarios. The consortium has defined 3 use cases that will guide the activities during throughout the project lifetime- Identification of relevant attacks in a cloud-based communication environment- definition of the overall system requirements and use case related KPIs, These KPIs were updated and further clarified following M12 technical review- final architecture definition Activities on the SANCUS proposed engines were also undertaken:- developed a method to emulate the firmware for further analysis with FiV and scan the available services;- performed the research on the current firmware extraction tools and their limitations for FiV- developed a method to emulate a single program for analysis with CiV- completed the setup of the Kubernetes cluster for the SANCUS lab- first activities on the SiD engines also took place during this periodThe obtained results have been disseminated in the following events and media :- Project Website- Social media (4 channels)- Scientific Journals (2)- Conferences (9) – 7 presentations, 2 posters- Newsletter (3)- Factsheet (1)- Public Deliverables (10)- IPR management matrices (3) These activities will be continued and consolidated during the remaining 18 months of the project. Progress beyond the state of the art and expected potential impact (including the socio-economic impact and the wider societal implications of the project so far) During this first period, the consortium have proposed a number of proposals beyond the current state of the art of the 5G security. The main advances can be summarized as follows.On the firmware and code validation:- developed a method to emulate the firmware for further analysis with FiV and scan the available services;- performed the research on the current firmware extraction tools and their limitations for FiV- developed a method to emulate a single program for analysis with CiV- developed CiV prototype to support multiple types of inputs, such as command line arguments- developed the first prototype of FiV to analyse the extracted firmware: check for insecure functions, hardcoded credentials, finding password filesOn the modelling part:- Individual network unit modelling and feature-based modelling: initialized the definition of individual network units, and refining the initial model based on the group discussions- Utility: defining the KPIs, security, privacy and reliability parameters in a joint objective function,On the 5G network attack detection and remediation:- Development of 5Greplay, a tool to modify and inject 5G network traffic, as part of the AcE engine - Implementation in AcE of four 5G cyber-security threats, of low and mediumThese results will be pursued during the coming phase of the project. The main expected impact will be measured with the testbed implementation in the NOKIA 5G cloud native testbed. This will allow to evaluate the developed attacks and the capacity of the SANCUS engine to detect them and to run the appropriate countermeasures.
