Paulo Simoes

University of Coimbra | UC · DEI-CISUC

Industrial Automation and Control systems have matured into a stable infrastructure model that has been kept fundamentally unchanged, using discrete embedded systems (such as Programmable Logic Controllers) to implement the first line of sensorization, actuation, and process control and stations and servers providing monitoring, supervision, loggin...

Electrical grids generate, transport, distribute and deliver electrical power to consumers through a complex Critical Infrastructure which progressively shifted from an air-gaped to a connected architecture. Specifically, Smart Substations are important parts of Smart Grids, providing switching, transforming, monitoring, metering and protection fun...

With the rise of the Industrial IoT (Internet of Things) and Industry 4.0 paradigms, many control and sensor systems used for IACS (Industrial Automation and Control Systems) have become more complex, due to the increasing number of interconnected field devices, sensors and actuators often being geographically spread across large areas. Supporting...

In the domain of Industrial Automation and Control Systems (IACS), security was traditionally downplayed to a certain extent, as it was originally deemed an exclusive concern of Information and Communications Technology (ICT) systems. The myth of the air-gap, as well as other preconceived notions about implicit IACS security, constituted dangerous...

With the emergence of the Industry 4.0 paradigm, there is a need to introduce a significant degree of flexibility, security and resilience in automation infrastructures, while keeping up with real-time requirements that are characteristic of such domains. Interestingly, many of these driving principles are the same that encouraged the adoption of v...

When it comes to protecting confidential and/or sensitive information, organizations have a plethora of recommendations, standards, policies and security controls at their disposal, conceived to deal with a wide variety of threats. However, most of them share the same fundamental premise: that weaknesses are inline by nature, as a consequence of in...

Building Automation and Control Systems (BACS) are traditionally based on specialized communications protocols, such as KNX or BACnet, and dedicated sensing and actuating devices. Despite the increased awareness about the security risks associated with BACS, there is in general a lack of security tools for protecting this special breed of cyber-phy...

Due to the growing complexity and scale of IT systems, there is an increasing need to automate and streamline routine maintenance and security management procedures, to reduce costs and improve productivity. In the case of security incidents, the implementation and application of response actions require significant efforts from operators and devel...

As novas redes 5G estão a dar os primeiros passos, estimando-se que 2020 seja o seu ano de arranque generalizado. Para preparar a indústria portuguesa para este novo desafio, foi iniciado em 2018, com a duração de 3 anos, o projeto Mobilizador 5G (M5G). Este projeto agrega vários representantes da indústria, desde operadores de telecomunicações até...

This is a dataset bundle with diverse types of attacks, as well as normal traffic. The capture was obtained in a real house with a complete Building Automation and Control System (BACS). This document describes the several included datasets and how their data can be employed in security analysis of KNX based building Automation. The future of mode...

Business and residential gateways are customer premises equipment (CPE) devices that connect the customer network to the operator network. Being hampered by a traditional , device-centric, deployment approach, these devices are regarded as candidates for partial or full virtualization, with envisioned benefits in terms of simplified management, har...

Prior experience from the authors has shown that a heavily theoretical approach for cybersecurity training has multiple shortcomings, mostly due to the demanding and diversified nature of the prerequisites, often involving concepts about operating system design, networking and computer architecture, among others. In such circumstances, the quest fo...

Building Automation and Control Systems (BACS) designate the mechanisms that are used to automate buildings’ operations such as climate control, lightning and access control. As such, traditional BACS encompass extensively automated buildings managed in an integrated manner, with the support of Supervisory Control and Data Acquisition (SCADA) syste...

Compared with the previous generations of wireless communication networks (4G), a 5G network provides a great increase in data rates with improved Quality of Service (QoS), exceptionally low latency (Ahmad, et al., 2017), and high device density. This will allow not only a great number of handheld devices but also to massively connect Internet of T...

Cyber-physical systems permeate the fabric of our society, being a crucial part of what makes it possible. As such, ensuring their security is a primal concern that cannot be neglected, whether it relates to essential services, transportation or factories. But new scenarios and use cases are emerging, which require equal concern and care, as it is...

This Special Issue aims to present a collection of studies describing the latest advances in data-driven approaches to security and safety for critical applications, encompassing different application scenarios, from ICS/CIP protection, to IoT, UAV or V2X scenarios, among others. Extended submissions open until 2022 - check the URL!

The next-generation of Industrial Automation and Control Systems (IACS) and Supervisory Control and Data Acquisition (SCADA) systems pose numerous challenges in terms of cybersecurity monitoring. We have been witnessing the convergence of OT/IT networks, combined with massively distributed metering and control scenarios such as smart grids. Larger...

Private data is transmitted and stored online every second. Therefore, security and privacy assurances should be provided at all times. However, that is not always the case. Private information is often unwillingly collected, sold, or exposed, depriving data owners of their rightful privacy. In this paper, various privacy threats, concepts, regulat...

A diversity of technical advances in the field of network and systems virtualization have made it possible to consolidate and manage resources in an unprecedented scale. These advances have started to come out of the data centers, spreading towards the network service provider (NSP) and telecommunications operator infrastructure foundations, from t...

Quite often, organizations are confronted with the burden of managing mobile device assets, requiring control over installed applications, security, usage profiles or customization options. From this perspective, the emergence of the Bring Your Own Device (BYOD) trend has aggravated the situation, making it difficult to achieve an adequate balance...

Computing and networking systems traditionally record their activity in log files, which have been used for multiple purposes such as troubleshooting, accounting, post-incident analysis of security breaches, capacity planning and anomaly detection. In earlier systems those log files were processed manually by systems administrators, or with the sup...

To a certain extent, it can be considered that cybersecurity has a PR problem. Despite all the campaigns and publicity surrounding the matter, there are certain age groups for whom the message doesn't go through, either because it sounds too condescending or too technical. This is more of a problem for undergraduate students in computer science cou...

Quite often, the deployment of components for network monitoring or security purposes constitutes a burden, due to the need for IT teams to perform on-site setup procedures, and/or to manually configure diversified equipment or services. While this approach may still be somehow manageable for contained infrastructures such as LANs, it cannot cope w...

As personal data establishes itself as one of the main resources of our digital society, ways of controlling, monitoring, managing and securing personally identifiable information have become crucial. PoSeID-on is an H2020 European Union project that targets this need. In this paper, we present and discuss PoSeID-on’s risk management and personal d...

Participatory budgeting (PB) is currently one of the most widely adopted democratic innovations. ICT platforms are key enablers of PB processes, by supporting citizen engagement. They support the establishment of diverse participation channels to build candidate proposals, for the voting process, and for monitoring proposals' implementation. PB pla...

In recent years, IACS (Industrial Automation and Control Systems) have become more complex, due to the increasing number of interconnected devices. This IoT (internet of things)-centric IACS paradigm, which is at the core of the Industry 4.0 concept, expands the infrastructure boundaries beyond the aggregated-plant, mono-operator vision, being disp...

Personal data is currently being used in countless applications in a vast number of areas. Despite national and international legislation, the fact is that users have little or no control over who uses their data and for what purposes, and data protection is still, in many cases, a theoretical possibility only. In this paper, we present an approach...

Modern home networks constitute a diverse ecosystem of devices and services, whose management is mostly handled by means of specific service or device provider mechanisms, with only a minority of customers possessing the technical skills required to deal with such tasks. This means that, when it comes to security, most users often exclusively rely...

Modern societies increasingly depend on products and services provided by Critical Infrastructures (CI) in areas such as energy, telecommunications and transportation, which are considered vital for their wellbeing. These CIs usually rely on Industrial Automation and Control Systems (IACS), which are becoming larger and more complex due to the incr...

It is an established fact that the security of Industrial Automation and Control Systems (IACS) strongly depends on the robustness of the underlying SCADA network protocols (amongst other factors). This becomes especially evident when considering the extent to which certain protocols, designed with poor or nonexistent security mechanisms, have led...

The growing number of cyber-attacks targeting critical infrastructures, as well as the effort to ensure compliance with security standards (e.g. Common Criteria certifications), has pushed for Industrial Automation Control Systems to move away from the use of conventional firewalls in favor of hardware-enforced strict unidirectional gateways (data...

Denial of Service attacks, which have become commonplace on the Information and Communications Technologies domain, constitute a class of threats whose main objective is to degrade or disable a service or functionality on a target. The increasing reliance of Cyber-Physical Systems upon these technologies, together with their progressive interconnec...

Mobile devices capabilities have increased dramatically over the past years, allowing users to carry a sophisticated mix of computing power and connectivity options, in a diversity of convenient form-factors (e.g. wear- ables, smartphones, tablets). This evolution has made it possible for these devices to evolve beyond being simple tools, as they s...

Intercontinental data processing cloud systems raise stringent security and privacy challenges, particularly due to legislation differences. We propose solutions for these challenges with elastic AAA, efficient privacy and anonymization techniques in multiple phases, and security assessment for trustworthiness estimation.

Supervisory Control and Data Acquisition (SCADA) systems, which are often used in several types of Essential Systems and Critical Infrastructures, depend on control devices such as Programmable Logic Controllers, Remote Terminal Units and Intelligent Electronic Devices. Such devices, which are deployed at the edge of the SCADA infrastructure, direc...

The Residential Gateway (RGW) is a key device, located in the customer premises, standing between the home network and the access network. It imposes a considerable cost for the operator and constitutes a single point of failure for all the services offered to residential customers – such as Internet access, Voice over IP, IPTV and Video-on-Demand....

Culprits’ identification by the means of suspicious pattern detection techniques from mobile device data is one of the most important aims of Mobile Forensic Data Analysis (MFDA). When criminal activities are related to entirely automated procedures such as malware propagation, predicting the corresponding behaviour is a rather achievable task. How...

The growing number of cyber-attacks targeting critical infrastructures, as well as the effort to ensure compliance with security standards (e.g. Common Criteria certifications), has pushed for Industrial Automation Control Systems to move away from the use of conventional firewalls in favor of hardware-enforced strict unidirectional gateways (data...

Modern societies increasingly depend on products and services provided by Critical Infrastructures (CI) in areas such as energy, telecommunications and transportation, which are considered vital for their wellbeing. These CIs usually rely on Industrial Automation and Control Systems (IACS), which are becoming larger and more complex due to the incr...

This dataset was generated on a small-scale process automation scenario using MODBUS/TCP equipment, for research on the application of ML techniques to cybersecurity in Industrial Control Systems. The testbed emulates a CPS process controlled by a SCADA system using the MODBUS/TCP protocol. It consists of a liquid pump simulated by an electric moto...

Contemporary mobile devices are the result of an evolution process where computational and networking capabilities have been continuously pushed so as to keep pace with the constantly growing workload requirements. This has allowed devices such as smartphone and tablets to perform increasingly complex tasks, up to the point of efficiently replacing...

Advances in Soft Computing have increased the probabilities of implementing mechanisms that are able to predict human behaviour. One of the fields that benefits more from the particular improvements are Digital Forensics. Criminal activity involving smartphones shows interesting behavioural variations that led the authors to create a technique that...

Presentation slides for the MobiTrust Workshop @Instituto de Telecomunicaçoes, Aveiro, Portugal

The discipline of Mobile Forensics (MF) has undoubtedly shown significant growth during the last few years. Research has advanced from data acquisition techniques to evidence representation methodologies, advanced evidence parsing and data analysis automation. As technology evolves and functionalities of mobile devices extend to other environments...

The book gathers contributions presented at the IFIP/IEEE Symposium on Integrated Network and Service Management (IM 2017) held in Lisbon, Portugal.

Over the recent years, control and sensor systems used for IACS (Industrial Automation and Control Systems) have become more complex, due to the increasing number of interconnected distributed devices, sensors and actuators. Such components are often widely dispersed in the field – this is the case for micro-generation (wire-to-water generation, so...

As Supervisory Control and Data Acquisition (SCADA) and Industrial and Automation Control System (IACS) architectures became more open and interconnected, some of their remotely controlled processes also became more exposed to cyber threats. Aspects such as the use of mature technologies and legacy equipment or even the unforeseen consequences of b...

Mobile devices are used for communication and for tasks that are sensitive and subject to tampering. Indeed, attacks can be performed on the users’ devices without user awareness, this represents additional risk in mission critical scenarios, such as Public Protection and Disaster Relief (PPDR). Intrusion Detection Systems are important for scenari...

Organizations are often faced with the need to manage large numbers of mobile device assets, including tight control over aspects such as usage profiles, customization, applications and security. Moreover, the raise of the Bring Your Own Device (BYOD) paradigm has further contributed to hamper these requirements, making it difficult to strike a bal...

Industrial Control Systems (ICS) are getting more vulnerable as they become increasingly interconnected with other systems. Industrial Internet of Things(IIoT) will bring new opportunities to business and society, along with new threats and security risks. One major change that ICS will face will be that of the dynamic network topology. Changes in...

The residential gateway (RGW) is a widely deployed device in the context of telecommunication services such as triple play and internet access. Designed to make the connection between the customer home and the operator infrastructure, it provides wired and/or wireless connectivity capabilities, also handling services such as Domain Name Service (DN...

The location of data centres is crucial when mobile network operators are moving towards cloudified mobile networks to optimize resource utilization and to improve performance of services. Quality of Experience (QoE) can be enhanced in terms of content access latency, by placing user content at locations where they will be present in the future. Th...

Intrusion Detection Systems are becoming an important defense mechanism for (supervisory control and data acquisition (SCADA) systems. SCADA systems are likely to become more dynamic leading to a need for research into how changes to the network architecture that is monitored, a�ffect the performance of defense mechanisms. This article investigates...

In recent years, Supervisory Control and Data Acquisition (SCADA) Industrial Control Systems (ICS)—systems used for controlling industrial processes, power plants, or assembly lines—have become a serious concern because of security and manageability issues. While the introduction of virtualization technologies has been instrumental in helping ICT i...

Modern Programmable Logic Controllers (PLCs) are pervasive components in Industrial Control Systems (ICS) such as Supervisory Control and Data Acquisition (SCADA), designed to control industrial processes autonomously or as part of a distributed system topology. Its success may be explained by its robustness and reliability, being one of the most e...

Cloud computing enables the on-demand delivery of resources for a multitude of services and gives the opportunity for small agile companies to compete with large industries. In the telco world, cloud computing is currently mostly used by Mobile Network Operators (MNO) for hosting non-critical support services and selling cloud services such as appl...

This paper presents a Distributed Intrusion Detection System (DIDS) for Supervisory Control and Data Acquisition (SCADA) Industrial Control Systems (ICS) that was developed for the CockpitCI project. Its architecture was designed to address the specific characteristics and requirements for SCADA cyber security that cannot be adequately fulfilled by...

In recent years, Supervisory Control and Data Acquisition (SCADA) Industrial Control Systems (ICS) – a kind of systems used for controlling industrial processes, power plants or assembly lines – have become a serious concern because of security and manageability issues. Years of air-gaped isolation, the increased coupling of ICS and Information and...

Mobile Edge Computing enables the deployment of services, applications, content storage and processing in close proximity to mobile end users. This highly distributed computing environment can be used to provide ultra-low latency, precise positional awareness and agile applications, which could significantly improve user experience. In order to ach...

Public Protection and Disaster Relief (PPDR) agencies in European member states currently rely on digital Private Mobile Radio (PMR) networks for mission critical operations. PMR networks are based on two main standards for Europe: Terrestrial Trunked Radio (TETRA) and TETRAPOL. These networks provide secure and resilient mobile voice services, as...

Nos últimos anos surgiu uma nova geração de aplicações baseadas em Voice-over-IP (VoIP), que oferecem serviços de comunicações de voz na Internet. Fornecidas maioritariamente como serviços over-the-top, e usando normas como o SIP ou mecanismos proprietários (tais como Skype, Google Talk e Yahoo! Voice), estas aplicações ganharam grande popularidade...

Critical infrastructure (CI) services are constantly consumed by the society and are not expected to fail. A common definition states that CIs are so vital to our society that a disruption would have a severe impact on both the society and the economy. CI sectors include, amongst others, electricity, telecommunication and transport. CIs can be mutu...

Despite being a relatively recent development, the SDN paradigm has already challenged the established network design, management and operation concepts. SDN is the result of a number of studies and ideas on network programming, oriented towards the improvement of the traditional network functionality and management, due to its unique levels of fle...

From an internet service provider's (ISP) perspective, modern broadband access networks pose significant and ever increasing challenges in terms of security management. The growing number of permanently connected home networks, with a myriad of poorly managed devices, imposes significant security risks not only to the domestic customers, unable to...

Critical Infrastructures (CIs) such as power distribution are referred to as "Critical" as, in case of failure, the impact on society and economy can be enormous. CIs are exposed to a growing number of threats. ICT security plays a major role in CI protection and risk prevention for single and interconnected CIs were cascading effects might occur....

Programmable Logic Controller (PLC) technology plays an important role in the automation architectures of several critical infrastructures such as Industrial Control Systems (ICS), controlling equipment in contexts such as chemical processes, factory lines, power production plants or power distribution grids, just to mention a few examples. Despite...

SIEM (Software Information and Event Management) systems are becoming increasingly commonplace in scenarios as diverse as ICT environments or Critical infrastructures, providing the means to process and analyse multiple distributed sources of information and events, for auditing or security purposes. The main component of its architecture is the co...

Cooperation among service providers, network providers, and access providers in the Internet allows the creation of new services to offer to customers that are in other domains, thus increasing revenue. However, the Internet heterogeneous environment, where each provider has its own policies, infrastructure and business goals, hinders the deploymen...

Cyber-threats are one of the most significant problems faced by modern Industrial Control Systems (ICS), such as SCADA (Supervisory Control and Data Acquisition) systems, as the vulnerabilities of ICS technology become serious threats that can ultimately compromise human lives. This situation demands a domain-specific approach to cyber threat detec...

Public and federal agencies from countries around the world are increasingly providing information technology based services via the Internet-known as e-government. Several of the general requirements of e-government services are satisfactorily met by the emerging Cloud Computing paradigm that promises a number of benefits such as service elasticit...

Public Protection and Disaster Relief (PPDR) agencies increasingly depend on specialized communications systems for supporting critical activities such as law enforcement operations, fire fighting, response to traffic accidents and medical emergencies, crowd control in large events, anti-terrorism, disaster relief and public protection in general....