Cyrano event to be held on Dec. 16th 2020 to share the cybersecurity observatory

The Cyrano event will be held on December 16th, 2020 from 10 to 12 am, to share ideas about the sectorial challenges in cybersecurity.

During this event, Fabio Martinelli, the coordinator of E-CORRIDOR, will introduce the cybersecurity observatory, also promoted by E-CORRIDOR. All the stakeholders interested in cybersecurity and transport issues are invited to attend.

The speakers of the event will be: 

Flavio Marangi, Italian NIS Authority 

Gabriele Faggioli, Clusit Chairman & Cyber Security Observatory & Data Protection of Politecnico di Milano – Adjunct Professor MIP - Politecnico di Milano 

Eric Vautier, CISO ADP Group & Chairman of ACI Cybersecurity Group 

Fabio Martinelli, Cybersecurity Observatory and Italian Research Council.

Further info blq.it/en/cyrano and registration: cyrano@bologna-airport.it 


CNR researchers successfully identified KIA Head Unit vulnerability and made it a CVE entry.

E-CORRIDOR researchers Gianpiero Costantino and Ilaria Matteucci from CNR successfully identified KIA Head Unit vulnerability and made it a CVE entry. This is an additional step forward in the direction of making our vehicles secure against potential cyber-attacks and delivering secure Intelligent Transport Systems (ITS) solutions.

About this CVE entry

It is a public report of a vulnerability discovered on some software versions of KIA Motors Head Units (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8539).

Figure 1. The CVE for Kia Motors Head Unit

Software version: SOP.003.30.18.0703, SOP.005.7.181019, and SOP.007.1.191209 may allow an attacker to inject unauthorized commands, by executing the micomd executable daemon, to trigger unintended functionalities. In addition, this executable may be used by an attacker to inject commands to generate CAN frames that are sent into the M-CAN bus (Multimedia CAN bus) of the vehicle.

Importance of this finding

It is an important achievement for the cybersecurity automotive domain and our finding is relevant for the E-CORRIDOR project because it represents an additional step forward in the direction of making our vehicles secure against potential cyber-attacks. 

Links

The CVE is already public at the link (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8539).

A technical report on the discovered vulnerability is published as CNR Technical Report IIT-20-2020 (https://sowhat.iit.cnr.it/pdf/IIT-20-2020.pdf). The full paper with all the details is planned to be released in 2021.


Open Research Europe, the EC scientific publishing service for H2020 and Horizon Europe

What is it?

Open Research Europe will be a scholarly publishing platform providing a fully open access peer-reviewed publishing service for Horizon 2020 and Horizon Europe beneficiaries at no cost to them, during and after the end of their grants. The platform will enable rapid publication times and publication outputs that support research integrity, reproducibility and transparency and enable open science practices.

Why is it important?

Open Research Europe is a significant step towards ensuring that all Horizon 2020 and Horizon Europe publications are fully open access. It is a publishing service for Horizon 2020 and Horizon Europe beneficiaries at no cost to them, with quick publication times without editorial barriers, but with a rigorous and open peer review process. The open-access model enables everyone to access the results: the global scientific community as well as the wider public. The platform supports reproducibility and reduces research waste maximising the value, impact and reach of the Commission’s funding.

In all, Open Research Europe supports the European Commission’s vision to drive innovation and economic growth by removing barriers to scientific discovery, facilitating progress towards securing Europe’s global competitiveness in innovation and ultimately benefiting health and wellbeing across the globe.

When will it be available?

Open Research Europe will be accepting article submissions from autumn 2020, with the official launch planned for early 2021.

Open access in E-CORRIDOR

E-CORRIDOR decided to follow 'Green' open access for the scientific publications, which means that the published article or the final peer-reviewed manuscript is archived by the researcher - or a representative - in an online repository before, after or alongside its publication. However, E-CORRIDOR will firmly support the 'Gold' open access (e.g. using Open Research Europe) to further remove the permission and access barriers.


EU H2020 ICT Security project E-CORRIDOR successfully kicked off

Intro

E-CORRIDOR aims at providing a flexible, secure, and privacy-aware framework allowing confidential, distributed, and edge-enabled security services in multi-modal transport systems, as threat analysis and prevention as well as privacy-aware seamless access mechanism. The consortium consists of 15 partners from 5 EU countries, with a total of 5.9 million budget.

Cyber attack influence is growing in our everyday life, and, indeed, the targets become our mobile devices, our bank accounts, or our new electric and autonomous vehicles. The need for protection of the cyber world, which often has a significant convergence with the physical one, requires that both cyber and safety aspects be managed together. The increased amount of information (and collaboration) allow for better prediction and management of cyber attacks. However, when sharing information, one wishes to retain control of the information, even when it is shared for prediction of vulnerabilities of just for accessing systems (e.g., a transport one). There are the need and the opportunity to unleash the power of sharing.

Another important scenario for highlighting the importance of data sharing while preserving privacy is the COVID-19 tracing. More and more public health organizations and authorities are using mobile apps for contact tracing and analyzing the infection status of the people using this app. Here, users share the anonymized data with other mobile phones that are in their vicinity and with authorities for analytics purposes. Besides, another direct impact of COVID on our life is that more travel barriers are set in the transport domain, such as health certificates for entering specific countries. If travelling abroad, loads of travel documents need to be shown and verified, which actually can be solved by adopting continuous and privacy-aware authentication mechanisms to realize seamless access. To summarize, data sharing and data analytics have immense potential to upgrade our economy and life modes further, but should follow a privacy- and security- by-design principle to eliminate hidden risks.

E-CORRIDOR’s mission is to define a framework for multi-modal transport systems, which provides secure advanced services for passengers and transport operators. The framework includes collaborative privacy-aware edge-enabled information sharing, analysis, and protection as a service. The project plans to show the applicability of this framework in at least two domains: (i) collaborative and confidential cyber threat management and (ii) seamless access mechanism in multi-modal transport systems. Three pilots will be conducted in E-CORRIDOR to verify the proposed ideas and outcomes, including the Airport and Train (AT) Pilot (led by ADP), Car Sharing Pilot (S2C) (led by CLEM) and Information Sharing and Analytics Centre Pilot (ISAC) (led by MISE).

 

Figure 1. E-CORRIDOR operational concept.

Moments of the Kick-off Meeting

E-CORRIDOR began on June 1st, 2020, with a one-day virtual kick-off meeting on July 6th, 2020. The meeting was hosted by the project coordinator Dr. Fabio Martinelli from CNR and attracted more than 40 attendees. The EC project officer Pavlos Fournogerakis affirmed the significance of E-CORRIDOR and provided more guidance in project management and implementation to ensure overall success.

Figure 2. Screenshots of the online E-CORRIDOR kick-off meeting. Top: Dr. Fabio Martinelli (coordinator) introducing the targets of E-CORRIDOR; Bottom: Pavlos Fournogerakis (EC project officer) giving a presentation on project management and success.

During the meeting, introductions to each work package and task were given, followed by a productive discussion on the technical details and next-step plans.

Even though the COVID-19 caused some barriers in our daily life and among countries, we can surely expect that E-CORRIDOR will eliminate the barriers for information sharing and trust mechanism in the multi-modal transport domains, and achieve wider success by putting our innovative outputs into practice.