ITEA Cyber Security Advisory Board

CASPer is a set of tools and databases supporting MiCA, DORA and other cryptocurrency-related regulations across EU. CASPer contains a reputation database of well-known cryptocurrency asset service providers, which can be used to check their legal status, used IBAN accounts, blockchain activity, etc. By the end of DEFRAUDify project, CASPer will also include a risk-scoring system to perform due diligence on cryptocurrency transactions, addresses and clusters.

• Banks
• FinTech companies
• Cryptocurrency service providers

So far none but let’s hope that DEFRAUDify partner Bunq will adopt it

open-source

COINOMON (COIN MONitoring tool) is software which enables its user to conduct cryptocurrency forensics. COINOMON combines the functionality of a blockchain explorer, a linkage analysis system and a curated database of (meta)data from the cryptocurrency ecosystem. Unique features compared to the products by competition:

1. on-premises installation;
2. free API for integration with other tools/services;
3. OSINT and network intelligence enhancing information about address/cluster (meta)data.

• Law enforcement agencies
• Banks
• Regulatory entities

Unnamed law enforcement agencies

proprietary license

More than 80% of Internet traffic is now encrypted. This is a positive development for end users and organizations, providing them with data privacy. Encrypted traffic renders much of the existing tool-chains for cybersecurity useless as the ability to examine traffic contents is lost.

This solution allows to detect cyber-attacks hiding in encrypted traffic. Specifically, this solution covers: • Detect rogue IoT devices • Detect cyberattacks

• Security Operation Centres (SOCs)
• Large enterprises with internal Cybersecurity department
• IT Integrators (IT Consulting companies)

ENTA Solution will be available by the end of the project, that is by 2025

Service

FirmwareCheck is a tool for automated dynamic security analysis of firmware images generated by buildroot. Running in a CI-pipeline, it allows developers to identify security risks while developing IoT-firmware. FirmwareCheck emulates firmware using QEMU. Firmware is scanned for typical IoT security issues including:

• Outdated components (CVEs)
• Open (debug) ports
• Default passwords or anonymous logins
• Processes running as root
• Executables that can be used to get a reverse shell on a device

• Providers/vendors of IoT Systems
• Security consulting companies

Open source: Apache 2.0 License

Irdeto Keys & Credentials is a managed security service for the complete lifecycle of trusted identities, secrets, and secured firmware for connected embedded products. It provides long-term security rooted in silicon for devices such as set-top boxes, routers, engine control units, smart grid modules, and medical devices. A flexible, scalable, and customizable solution is provided with cloud services, on-prem installations and dedicated physical keying centres with staffed personnel.

• Communication Service Providers
• Automotive and Railway Device Manufacturers
• Medical Device Manufacturers

• Charter Communications
• Knorr-Bremse GmbH
• CharIN e. V.

Managed Service

PRIGM, a high-throughput Hardware Security Module, integrated with high-performance secure IoT gateways and secure authentication tokens present a hardware-based cyber-physical resilience solution stack. The solutions create point-to-point security between any node pairs in a cyber-physical system.

• Data centres, HPCs, cloud providers
• Financial institutions, banks
• Cyber-physical and autonomous system integrators

• The certification and contracting phase is still ongoing with 3 customers from the automotive, ICT and logistics domains.
• Reference H2020 projects: Critical-Chains, Safety4Rails, Valu3S

PRIGM-as-a-Service over cloud Hardware solution stack that can be deployed in any cyber-physical system Licensing & consultancy