Air University

Air University (AU), PAF Complex, E-9, Islamabad

Capital Cost: Rs. 1239.74 Million
Duration: 36 Months

National Centre of Cyber Security (NCCS) Pakistan

NCCS Vision

National Centre for Cyber Security (NCCS) shall play a leading role in securing Pakistan’s Cyberspace and making Pakistan world’s premier nation in Cyber Security.

NCCS Mission

To build national capabilities and capacities in Cyber Security to produce indigenous professionals and solutions in the field of Cyber Security

Cyberspace, a fifth warfare domain, has recently attracted attention of many developed and developing countries. The reports of government websites being hacked and sensitive data being stolen by foreign groups are not new anymore. There are greater threats to our national assets than before. It is noteworthy that effective cyber-attacks can cripple entire nation’s infrastructure and damage our economy.

Cyber Security has been recognized as a global problem, transcending national boundaries. McAfee estimates that cybercrime costs the global economy $400 billion annually. It particularly affects the developed world, but developing countries are at higher risk due to the lack of expertise and shortage of security professionals with adequate skills and experience to effectively combat this rising threat. Cyber Security is a rapidly growing challenge with new sophisticated zero-day attacks costing economies billions per year. The scale of the problem, rapid technology advancement, and technical nature of cyber-attacks widens the Cyber Security skills gap. Hence, there is a need for new initiatives that cannot only produce skillful people in this area but make Pakistan self-sustainable in the area of Cyber Security.

The NCCS Project is mainly focused on Research & Development (R&D) and human resource development in the specialized field of Cyber Security and its practical applications, which are important components of Vision 2025. The role of Cyber Security is growing in many businesses and applications, and is becoming vital for economic growth and national competitiveness. The idea is to provide a platform for boosting Cyber Security related R&D to have strong footings in international Cyber Security industry, reduce skill gap, and make Pakistan self-sustainable in this domain. The National Centre of Cyber Security will be focus on the following objectives:

  • Build national capacity to carry out R&D in the emerging field of Cyber Security by solving at least a small number of ‘hard’ Cyber Security problems identified and mutually agreed by a scientific committee comprising local and international experts.
  • Fulfill Pakistan’s Cyber Security requirements by solving local Cyber Security problems and take solutions to market through technology commercialization and licensing.
  • Developing a vibrant Cyber Security ecosystem
  • Build public and private partnerships
  • Become a catalyst for sustainable economic growth.
  • Establish collaborations with other national centres (AI, Robotics, Data Science and Maths) wherever required to achieve desired results

The Centre for Cyber Security makes strong connections between symbolic and non-symbolic computation, conjointly between applied and theoretical areas. It is based on solid mathematical modelling, empirical investigations, and experimental research involving development of secure system. It depends heavily on the core areas of computer science and computational intelligence. In this regard, the Centre is, perhaps, unique in terms of our commitment to both theory and practice in the field of Cyber Security. The Centre assembles strong research laboratories to conduct research in the areas of Cybercrime Investigations, Digital Forensics, Intrusion Detection Systems, Malware Analysis, Critical Infrastructure Security, Mobile Phone Security, IoT Security and Cyber Reconnaissance.

Federal Minister for Interior Ahsan Iqbal inaugurated National Centre for Cyber Security (NCCS) on Monday, 21st May 2018 at Air University Islamabad. “The minister said establishment of National Centre for Cyber Security was his dream which had now been fulfilled.” The NCCS is designed on a consortium model, with 11 labs from 12 Pakistani universities as part of the Centre, with Air University in the leading role. The total budget allocation to this centre is 1.239 billion PKR.

Overall Management Structure

The Centre will be spearheaded by a National Steering Committee (NSC) which will be advised by a Scientific and Industrial Advisory Board (SIAB). The NSC will be a supra-body that can review and approve activities in each of the constituent components of the Centre spread across different university campuses. Each of the

Alternate Text

be supported by the heads of the designated laboratories as well as the projects’ staff. The NCCS project will be led by NCCS Director/Chairman. Prof. Dr Kashif Kifayat has been selected as the Director of the National Centre for Cyber Security (NCCS). He is currently working as a Professor in Cyber Security and Chairman of the Computer Science Department at Air University.

Air University
Devices and Network
Security Lab
Air University

This lab has two application domains: smart devices security and network defence.
Smart Devices Security
In this lab research will focus on security analysis of Android OS, customization of Android OS with security enhancements, addressing privacy concerns of users, that includes securing files, folders, pictures, gallery and sending of usage statistics to Google and providing strong user control of device sensors i.e. GPS, WiFi, Mobile Networks, Camera, Mic etc. Moreover with smart devices becoming fixtures of our lives, there is a rising concern in companies on how to merge with the rising trend while at the same time safeguarding company’s proprietary information and communication on these devices. Thereby, research would also be aimed towards development of an indigenous Enterprise Level Control solution for Android devices.
Network Cyber Defence
Securing network infrastructure against cyberattacks is among one of the top priorities in any private sector, government departments, military or any other sensitive organizations. It is in this niche that the research work in the domain of Network Cyber Defence will play an important national role. The fundamental research would be towards development of an indigenous Security information and event management (SIEM) solution -- a framework that provides real-time analysis of security alerts generated by applications and network hardware. The research would target analysis of network log information using advanced machine learning techniques, effect analysis of network security policies on a large network, detection and prevention of advanced cyberattacks, automated security audit of an enterprise network, prediction based cyber defence mechanisms, network risk management and vulnerability management

Air University
National Cybercrime Forensics Lab
Air University

The main objective of the proposed lab is to work in close collaboration with the national bodies of Pakistan, such as NR3C (FIA), Pakistan Air Force (PAF), Army, Navy, and Police to counter their existing problems and facilitate them in areas where they lack research expertise. In particular, the lab will work in three main areas, namely social media forensics, computer forensics, and mobile phone forensics:
Social Media Forensics
In recent years, social media has gained high popularity. Today, Facebook alone have over 2.13 billion monthly active users. Forensic analysis of social data is performed post-incident. Naturally, investigators will gravitate to where the evidence exists. Although the photo and video evidence is sometimes posted by the criminals themselves, investigators can also utilize information posted by others to both strengthen a case and even identify the perpetrator of a crime. Lab focus in this area would be to perform R&D of social media forensic techniques and tools.
Computer Forensics
Computer forensics is the practice of collecting, analyzing and reporting on digital data. It can be used in the detection and prevention of crime and in any dispute where evidence is stored digitally. It is not just the content of emails, documents and other files which may be of interest to investigators but also the ‘metadata’ associated with those files. A computer forensic examination may reveal when a document first appeared on a computer, when it was last edited, when it was last saved or printed and which user carried out these actions. Lab focus in this area would be to perform R&D of computer forensic techniques and tools.
Mobile Forensics Mobile forensics is about the acquisition and the analysis of mobile devices to recover digital evidences of investigative interest. This is a useful for investigators as a method of gathering criminal evidence from a trail of digital data, which is often difficult to delete. Extraction of deleted mobile phone files used as criminal evidence is the primary work of mobile phone forensics. The continuous evolution of mobile phone technology allows the commercialization of new mobile phones, which creates new digital investigation problems. Lab focus in this area would be to perform R&D of mobile forensic techniques and tools.

Security Auditing and Evaluation Lab

National Cyber Security Auditing and Evaluation Lab (NCSAEL) will emphasize on following three main core areas for accomplishment of its goals.
Security Assessment (for applications and OS) NCSAEL will design and develop Security Assessment tools that will help perform security evaluation of existing foreign and local software, mobile applications (both Android and iOS), web applications and embedded applications (firmware) in accordance with the internationally recognized IT evaluation standards namely Common Criteria, NIST/FIPs etc. The lab will also develop Security Compliance Assessment toolkit for Windows and Linux OS in order to guarantee right and secure configurations in accordance with the CC protection Profiles (PP).
Advanced Threat Protection
NCSAEL will focus on development of indigenous malware sandbox that would help in early detection of zero-day vulnerabilities/ APTs thereby thwarting the risk of ever-escalating cyber-attacks. To preserve the security and anonymity of data over the insecure Internet, a secure VPN will also be developed which will provide a dedicated and secure connection for all stakeholders.
Readiness and Preparedness for CCTL Assessment Since Pakistan is only a certificate-consuming member of CCRA, NCSAEL will help organizations prepare for the security evaluation of their local products by the CCTL. Also, it will formulate a National Technology Framework, to standardize the security practices in the country.

Bahria University
Cyber Reconnaissance and Combat (CRC) Lab
Bahria University

The Cyber Reconnaissance and Combat (CRC) Lab will focus on development of indigenous IDS software that can monitor and raise alarms in case of cyber-attacks. The CRC lab will design a hardware prototype of IDS that would serve as a proof of concept. The FPGA based implementation of a complex IDS is extremely challenging task that shall require considerable time and effort. Over all the application domains of the IDS shall consist of the following:

  • Database Designing & Pre-processing
  • IDS Core Functionalities
  • Multicore System Implementation & Integration
  • Hardware Prototyping
NED University of Engineering and Technology
Internet Security and Quantum Technology Lab

The lab application domains include:
End Point Security
This will include operating system, memory, application and data security of PCs, mobile, servers used by individuals from malware. This has very vast scope due to variety and associated vulnerabilities in end point systems used by individuals and all corporate sector include government, transport, medical, travel, entertainment etc. Critical Infrastructure Security: Some online or offline end point systems can be classified as critical infrastructure due to their reliability and availability requirements. These services include banking, cyber connected power grid, control systems of nuclear power plants and critical cyber and communication services used by defence sector (navy, airforce and armed forces).
Internet Security
Early DOS and DDOS detection and prevention to ensure Cyber Security of government and corporate sector of Pakistan. Enhancing Cloud Security and resolving trust issues on Cloud so that Pakistan’s government and private sector can utilize the benefits of cloud computing with no security and privacy concerns. Development of regional’s and Pakistan’s Internet traffic and security archive for security profiling and uncovering the hidden malware and features and properties of Internet traffic. This security archive will globally increase Pakistan’s footprint in security.
Digital Forensics: Whether the computer forensic examiner investigates the evidence in his lab or he works directly at the crime scene, he needs a lot of tools and a well-prepared location to go, through analysis and fully investigate the digital evidence. This prepared location, the Computer Forensics Lab, must be equipped with the all needed tools and hardware to analyze, identify, preserve, recover, and present facts and opinions about the information at hand. The application domain of forensics will cover aspects related to endpoints and Internet systems.
Quantum Technology: As quantum information is an emerging technology and compared to the advanced countries of the world there is negligible research going on in the country. We aim to not only promote knowledge, research and expertise in this area but also provide security in communication, specifically to government and private sector organizations and generally to all the citizens of the country. As a result of this lab it will become possible for the country to utilize the latest quantum key distribution technology at affordable cost by manufacturing it indigenously. Secure and sustainable communication infrastructure is one of the main national security needs, as it will enhance the security and reliability of national communication infrastructure.

UET Peshawar
University of Engineering & Technology Peshawar, University of Peshawar, and
University of Technology Nowshera
Innovative Secured Systems Lab
This lab has four major domains of research located at UETP, UoP and UoTN.
Security Testing
The goal of this application area is to enhance the security of web applications and services against cyber-attacks. In particular, we aim to develop security testing tools that will cover the OWASP Top 10 vulnerabilities. The lack of effective testing techniques and tools is one of the main reasons that vulnerabilities remain undetected in web based systems. Lab will develop testing techniques and tools to discover multiple vulnerabilities in such systems. We plan to use novel testing techniques (e.g., search-based testing) for detection of vulnerabilities.
Secured Future Grids
The goal of the “Cyber Security and future grids” application area is to develop a national key infrastructure laboratory that will support the future R&D, develop key technologies (both power and ICT networks) and control software security algorithms for the automated future grid industry of Pakistan. This includes securing communication network, control system security and energy management.
Blockchain Security
This part will of the lab will focus on research and development of a framework for blockchain based web and mobile applications for both indigenous and international (cutting edge) technologies, formal modelling and verification framework for blockchian technologies and protocols and developing an efficient and cost effective algorithm and protocol for consensus problem in blockchain technologies.
Secured IoT Devices
This part of the lab would enable the deployment of cutting-edge scientific concepts and IoT based devices for the attainment of various economic and developmental goals. The utilization of IoT devices for monitoring of goods during conveyance is of paramount importance for ensuring the delivery of articles in good shape. Such kind of data is related to the condition, location, quantity and value of goods. However, such type of remote monitoring systems not only possess communication and mobile networking challenges, but also the protection of this immensely valuable data is a very complicated task. This process of achieving secure IoT communications requires acquaintance with the peculiarities of IoT based communication as well as an awareness of the innovative features of mobile networks along with careful design of the system.
Information Technology University (ITU)
Blockchain Security Lab

The blockchain is often considered as the internet 2.0. The blockchain, essentially a database and a giant network, known as a distributed ledger, records ownership and value, and allows anyone with access to view and take part. The blockchain is currently having its biggest impact in financial services, with the largest changes caused by infrastructures using blockchain APIs, which are delivering in the areas of speed in data processing, transparency (amongst the right people) and security. The blockchain offers consumers opportunity to achieve greater control over their information. This will impact on most organisations, as they increasingly rely on the acquisition and application of customer data.
The lab will deliver three different applications using blockchain technology:

  • Blockchain-powered Trust management system for identity authentication
  • Blockchain-based storage of Highly sensitive data.
  • Detection and Mitigation system for vulnerabilities in blockchain (private data-leakage)

The above-mentioned application areas are symbiotic and complement each other: only trusted entities are allowed to update data stored in blockchains running on hardware that are being protected against data leakage attacks.

UET Taxila
University of Engineering & Technology Taxila
Deep Packet Inspection (DPI) Lab

The proposed Cyber Security lab will focus on development a high speed deep packet inspection (DPI) engine. Based on high speed packet access, packet flow identification, protocol classification and high speed pattern matching services provided by DPI Core engine, This will contain two extension cores that include IP Data Record (IPDRs) generation and provisioning engine and context-aware contents extraction engine for L-7 protocols. These two packet processing engines along with DPI core engine can be used to develop different Cyber Security applications like high speed IPDR analytics for quick threat identification, link analysis to identify communication relationships and traffic behaviour analysis or L-7 protocol based comprehensive contents analysis for development of IDS, URL filtering, lawful interception and other Cyber Security applications as elaborated.

The Lahore University of Management Sciences
Internet Security and Privacy Lab

The proposed lab will provide fundamental advances in cyber defence to limit the ability of adversaries to compromise networks, improve security planning, vulnerability management, and outlining incident response activities. To this end, we specifically target three application domains:
Situational Awareness
In the situational awareness application domain, lab plan to 1) build a measurement infrastructure to study the threat landscape of Pakistan, and 2) derive actionable security intelligence from analysing hundreds of millions of log records and network data collected from distributed vantage points.
Software Security
In this part, lab will develop an automated toolchain for application debloating using 1) application configuration in a particular deployment, 2) specifications of the required functionality, and 3) application’s needs from libraries, other applications, peripheral devices and networks, and even the operating system kernel.
Infrastructure Security
In the infrastructure security application domain, our lab will build outside-the-VM defences including 1) classifying malware and abuse using VM performance counters, and 2) building a provenance manager that enables a live audit (for immediate attribution) and root-cause analysis (for determining how this was done). This would enable an immediate and online response that can selectively rollback only those operations that are identified as performed by the attacker

Pakistan Institute of Engineering & Applied Sciences (PIEAS), Islamabad
Critical Infrastructure Protection and Malware Analysis Lab

This Lab will be focused on developing the following systems.
Cyber Threat Monitoring System for Corporate Networks
The system will perform real-time data collection from various networked devices using agent- based and agentless mechanisms. It will use its own log parser and correlate available data from multiple systems. It will also quantify bad, suspicious, or abnormal events, corroborate behavioural events in a manner that will enable efficient detection of cyber-attacks using computational intelligence and machine-learning techniques. The system will focus on IT networks.
ICS Network Monitoring and Mitigation System
Once an initial security posture of an ICS is established, the next step is to deploy protection mechanisms protect the ICS, detect and respond to security breaches or cyber-attacks. This involves continuous monitoring of the ICS network and process-physics related studies to map the impact of cyber-attacks on the physical process. The system will focus on ICS specific protocols.
Development of National Threat Library and Anti Malware System
Malware Chemistry is getting more and more complex with each passing day. Encryption, polymorphism and metamorphism are used for evasion of detection techniques. The objective of this project will be the development of national cyber-threat library, providing a collection of common malware signature database. This will be followed by development of an anti-malware system using computational intelligence and machine learning techniques to detect patterns of unknown malwares.
ICS Cyber Vulnerability Assessment System
Assessment of the Cyber Security posture of any ICS is an important step to pro-actively address any shortcomings and vulnerabilities. A vulnerability assessment system shall collect data from the system, analyze, and deduce if the system is vulnerable to any known exploits.

UET Lahore
University of Engineering & Technology, Lahore
Internet of Things (IoT) Security Lab

The proposed IoTSEC Lab will address the three crucial research problems faced across the globe, first research domain is the "Implementation of Standard Security framework for IoT" in which lab will be developing a standard compliant security architecture for providing interoperability and secure communication among IoT devices.
Second, another research domain is the "Development of Next Generation IoT Firewalls" that will develop database of IoT security attacks and consider security attacks specific to IoT to perform their threat modelling, security profiling, threat prioritization, and also consider the countermeasures and log down the unhandled events. It will comprise of context aware breach detection system and will utilize Cyber Security (AI) and Machine Learning (ML) based techniques for rule based filtering and threshold based filtering of vulnerabilities and then take proactive measures to deal with the zero-day attack detection, advanced persistent attacks and other specific attacks such as device cloning, etc.
Third research domain is the "Development of IoT Security Audit Tool(s)" for audit and verification of security measures taken on IoT hardware, software and within IoT security frameworks. It should perform autonomous auditing of devices firmware, software (OS) and hardware to discover vulnerabilities in IoT systems. Data integrity, isolation and confidentiality will be checked by developing security testing techniques and then certificates issuing mechanism can also be developed for IoT devices and systems that will pass the security auditing tests.

The Secretariat

The secretariat of the NCCS will be held at Air University. The centre and its affiliated labs will be governed by a national steering committee (NSC) and will operate under the guidance and advisement of a scientific and industrial advisory board (SIAB). NCCS has already compiled a list of suitable nominations from international industry and scientific community for the scientific and industrial advisory board and currently working on budget refining of the first year.