CYBER SECURITY
            RESEARCH CENTRE

 

Objectives & Mission at CSRC

              Future computing infrastructure will be more robust, powerful and flexible under a wide variety of operating environments thereby making them more resistant to cyber hacking and resultantly cyber security crimes. Hence, the urgent need to establish a Cyber Security Research Centre wherein the primary focus would be to explore the cyber environment to collect data, conduct surveys and research which contributes towards understanding of the problems and issues affecting users. The aim would be at creating a technology rich environment conducive to constructive discussions and evolving thoughts which will lead to innovative ideas in unwiring and digitizing the world securely at affordable costs.

 

The Vision for the CSRC would thus be to:

-               Aid and advise organizations in cyber security policy enforcements, conduct of security audits and incident handling.

-               Provide various IT organizations, members of corporate India, Government departments including the Police department, consultancy for design of secure networks including deployment of security administration software like intrusion detection and vulnerability checking, protection against  port scanners, password crackers etc.

-               Train the manpower in cyber security related skills needed by state departments including police, network users, IT professionals, and network security specialists. By taking the policy seriously and teaching all stakeholders of an organisation about their role in maintaining it thereby making them embrace the policy as an integral part of their jobs.

-               Facilitate research work for undergraduate and postgraduate students and researchers in the concerned areas.

-               Disseminate research results through journal and conference publications, technical reports, and public domain software.

-               Create a digital knowledge library in the form of WEB/FTP server consisting of information in the above mentioned areas.

-               Undertake projects with Government of India, Nasscom, IT Industry in collaboration with academia.

-               Conduct interdisciplinary training programs for state departments, IT industry and academia.

This vision of the RCSRC would continuously be supplemented so as to give a more contemporary role therefore a set of objectives would be defined so as to enable the centre to have a more focussed approach towards issues of Cyber Security.

 

The Objectives to be achieved by CSRC:

  •       Conduct high quality research in emerging areas of ICT especially cybersecurity, wireless mobile computing, and networking.
  •        Identify key research needs and industry partners as a sustainable way to expand research capability at the Punjab Engineering College with special emphasis on Cyber Crimes.
  •        Create a context for graduate students to seek jobs closely aligned with their research interests or to remain in a research community supported by strong industrial relationships.
  •        Create innovative solutions via commercial applications of research.
  •        Create opportunities for the transfer of skills, knowledge, people and ideas between RCSRC and the community at large.
  •        Foster interdisciplinary research programs .
  •        Partner with other cyber research organizations, nationally or internationally.
  •        Cultivate new secure technologies that provide seamless networking between heterogeneous networks to deliver ubiquitous connectivity at lower cost and higher bandwidth for increased productivity.
  •        To maintain high quality of confidentiality and authentic     solutions scalable for low-power devices in networks.
  •        Safeguard security of campus network systems. 

 

To be established on the foundations of research, the key areas identified for Research at the RCSRC would include:

  •        Design & Development of Secure Network Protocols &      Algorithms .
  •        Network and systems security architecture, performance measurements & analysis.
  •        Low Cost Secure Wireless network & Mobile Communication & Converged Access Devices.
  •        Effectively design technologies such as MANET, 802.11, 3G/4G, Ultra Wide Band, 802.16 and Bluetooth.
  •        Development and deployment of cost-effective and relevant services and policies in areas such as e-governance, e-learning and telemedicine.
  •        Design and development of security administration software network monitoring, biometric devices, surveillance and forensics through intelligent traffic analysis.

Impact envisioned

The Emergence of the Cyber Security Research Centre as a regional venue for communication, commerce, education and entertainment will blur traditional political and organizational boundaries, make time zones irrelevant and erase language barriers. A wide range of security technologies exists that provide solutions for securing network access and data transport mechanisms within the corporate network infrastructure. Many of the technologies overlap in solving problems that relate to ensuring user or device identity, data integrity, and data confidentiality. The intent is to develop an in-depth understanding amongst the various organizations of how these technologies can be implemented in corporate networks by designing and implementing a site specific Corporate Security Policy. The research and development in this area should be able to give outcomes that support advanced communications by developing and enhancing new generation technologies to escalate reliability, integrity, flexibility, security, and delivery.

Over the time, security policies and procedures may become inadequate because of changes in agency mission and operational requirements, threats, environment, deterioration in the degree of compliance, changes in technology or infrastructure, or business processes. Periodic assessments and reports on activities can be a valuable means of identifying areas of non-compliance, reminding users of their responsibilities and demonstrating management's commitment to the security program. While an organization’s mission does not frequently change, the agency might require modification to its information security requirements and practices. To facilitate ongoing monitoring, RCSRC can compare and correlate a variety of real-time and static information available from a number of ongoing activities within and outside of their programs. To provide a broad overview of key activities that can assist in monitoring and improving an agency’s activities, RCSRC would endeavour to address security issues in government and private sector by orienting towards the following key aspects:

 

a. Infrastructure Security: Numerous problems exist in the protection of infrastructures. Besides the obvious technical, legal, and financial aspects involved, there are numerous misunderstandings between businesses and Government over what kind of protection the infrastructure entails. This raises numerous concerns over liability, information sharing, and vulnerability issues that have been plaguing infrastructure protection since day one. By identifying these interdependencies a greater level of security can be provided for defending against such infrastructure attacks.

 

b.  Network configuration and protocols:  The ability to achieve efficient, reliable and secure messaging  when new vulnerabilities, attacks and threats are emerging these days, design of  protocols needs to be reviewed to be able to meet the security needs of today. This raises extensive analysis, redesigning, implementation and testing of secure protocols at different TCP layers on the basis of which numerous research problems can be identified.

 

c. Operating system:  The need to support software radio, specialized sensors, and ad-hoc networking argues for a real-time Operating System (OS).   The need to minimize cost implies a microkernel OS that may not support common PC functionality. Such an OS must be secure from all sorts of virus and other malicious software attacks.

 

d: Measurements & Metrics: Metrics are tools designed to improve performance and accountability through the collection, analysis, and reporting of relevant performance-related data. Information security metrics monitor the accomplishment of goals and objectives by quantifying the implementation level of security controls and the efficiency and effectiveness of the controls, by analyzing the adequacy of security activities, and by identifying possible improvement actions.

 

e. Network Monitoring:  Information about network performance and user behavior on the network will help security program managers identify areas in need of improvement as well as point out potential performance improvements. This information can be correlated with other sources of information such as configuration management to create a comprehensive picture of security program status.

 

h. Incident and Event Statistics: Incident statistics are valuable in determining the effectiveness of security policies and procedures implementation. Incident statistics provide security program managers with further insights into the status of security programs under their preview, observe program activities performance trends, and inform program managers about the needs to change policies and procedures.

 

I. Configuration Management: Configuration management (CM) is an essential component of monitoring the status of security controls and identifying potential security-related problems in information systems. This information can help security managers understand and monitor the evolving nature of vulnerabilities as they appear in a system under their responsibility, thus enabling managers to direct appropriate changes as required.