52 research outputs found

    What Scanners do at L7? Exploring Horizontal Honeypots for Security Monitoring

    Honeypots are a common means to collect data useful for threat intelligence. Most efforts in this area rely on vertical systems and target a specific scenario or service to analyse data collected in such deployment. We here extend the analysis of the visibility of honeypots, by revisiting the problem from a horizontal perspective. We deploy a flexible honeypot system hosting multiple services, relying on the T-Pot project. We collect data for 5 months, recording millions of application requests from tens of thousands of sources. We compare if and how the attackers interact with multiple services. We observe attackers that always focus on one or few services, and others that target tens of services simultaneously. We dig further into the dataset, providing an initial horizontal analysis of brute-force attacks against multiple services. We show, for example, clear groups of attackers that rely on different password lists on different services. All in all, this work is our initial effort to build a horizontal system that can provide insights on attacks

    Minimization of IEEE 802.11p Packet Collision Interference through Transmission Time Shifting

    V2I communications are characterized by the presence of network nodes in vehicles and in the infrastructures that these vehicles use, as well as by the wireless interactions among them. Safety-related applications demand stringent requirements in terms of latency and packet delivery probability, especially when safety messages have to be delivered to vehicles by the infrastructure. Interference issues stem from the typical characteristics of wireless communications, i.e., the noise of the wireless medium, the limited communication range of the wireless entities, and the receiver passivity of all the conventional wireless transceivers during transmissions. This paper presents a synchronization mechanism to artificially replicate at a host premises destructive interference due to hidden terminals, together with an application-level technique to minimize that interference by shifting the packet transmission time, similarly to the MAC TDMA channel access method. As both have been field-tested, the paper also analyzes the results of these tests, all performed with real hardware on IEEE 802.11p over different frequencies and transmission powers, and with repeatability in mind. The resulting figures attest that interference effects due to hidden terminals may indeed take place on real IEEE 802.11p networks, and that carefully designed time-shifting mechanisms can actively mitigate them

    Securing SOME/IP for In-Vehicle Service Protection

    Although high-speed in-vehicle networks are being increasingly adopted by the industry to support emerging use cases, previous research already demonstrated that car hacking is a real threat. This paper formalizes a novel framework proposed to provide improved security to the emerging SOME/IP middleware, without introducing at the same time limitations in the communication patterns available. Most notably, the entire traffic matrix is designed to be configured using simple high-level rules, clearly stating who can talk to whom according to the service abstraction adopted by SOME/IP. Three incremental security levels are made available, accounting for different services being associated with different requirements. The core security protocol, encompassing a session establishment phase followed by the transmission of secured SOME/IP messages, has been formally verified, to prove its correctness in terms of authentication and secrecy properties. Performance-wise, in-depth experimental evaluations conducted with an extended version of vsomeip confirmed the introduction of quite limited penalties compared to the bare unsecured implementation

    Protecting In-Vehicle Services: Security-Enabled SOME/IP Middleware

    With every generation, vehicles are becoming smarter and more oriented toward information and communications technology (ICT). However, computerization is posing unforeseen challenges in a sector for which the first goal must be safety: car hacking has been shown to be a real threat. This article presents a novel mechanism to provide improved security for applications executed in the vehicle based on the principle of defining exactly who can talk to whom. The proposed security framework targets Ethernet-based communications and is tightly integrated within the emerging Scalable service-Oriented MiddlewarE over IP (SOME/IP) middleware. No complex configurations are needed: simple high-level rules, clearly stating the communications allowed, are the only element required to enable the security features. The designed solution has been implemented as a proof of concept (PoC) inside the vsomeip stack to evaluate the validity of the approach proposed: experimental measurements confirm that the additional overhead introduced in end-to-end communication is negligible

    Strengthening Privacy and Cybersecurity through Anonymization and Big Data

    The abstract is in the attachment

    Enlightening the Darknets: Augmenting Darknet Visibility with Active Probes

    Darknets collect unsolicited traffic reaching unused address spaces. They provide insights into malicious activities, such as the rise of botnets and DDoS attacks. However, darknets provide a shallow view, as traffic is never responded. Here we quantify how their visibility increases by responding to traffic with interactive responders with increasing levels of interaction. We consider four deployments: Darknets, simple, vertical bound to specific ports, and, a honeypot that responds to all protocols on any port. We contrast these alternatives by analyzing the traffic attracted by each deployment and characterizing how traffic changes throughout the responder lifecycle on the darknet. We show that the deployment of responders increases the value of darknet data by revealing patterns that would otherwise be unobservable. We measure Side-Scan phenomena where once a host starts responding, it attracts traffic to other ports and neighboring addresses. uncovers attacks that darknets and would not observe, e.g. large-scale activity on non-standard ports. And we observe how quickly senders can identify and attack new responders. The “enlightened” part of a darknet brings several benefits and offers opportunities to increase the visibility of sender patterns. This information gain is worth taking advantage of, and we, therefore, recommend that organizations consider this option

    Cellular-V2X Communications for Platooning: Design and Evaluation

    Abstract: Platooning is a cooperative driving application where autonomous/semi-autonomous vehicles move on the same lane in a train-like manner, keeping a small constant inter-vehicle distance, in order to reduce fuel consumption and gas emissions and to achieve safe and efficient transport. To this aim, they may exploit multiple on-board sensors (e.g., radars, lidars, positioning systems) and direct vehicle-to-vehicle communications to synchronize their manoeuvres. The main objective of this paper is to discuss the design choices and factors that determine the performance of a platooning application, when exploiting the emerging cellular vehicle-to-everything (C-V2X) communication technology and considering the scheduled mode, specified by 3GPP for communications over the sidelink assisted by the eNodeB. Since no resource management algorithm is currently mandated by 3GPP for this new challenging context, we focus on analyzing the feasibility and performance of the dynamic scheduling approach, with platoon members asking for radio resources on a per-packet basis. We consider two ways of implementing dynamic scheduling, currently unspecified by 3GPP: the sequential mode, that is somehow reminiscent of time division multiple access solutions based on IEEE 802.11p – till now the only investigated access technology for platooning – and the simultaneous mode with spatial frequency reuse enabled by the eNodeB. The evaluation conducted through system-level simulations provides helpful insights about the proposed configurations and C-V2X parameter settings that mainly affect the reliability and latency performance of data exchange in platoons, under different load settings. Achieved results show that the proposed simultaneous mode succeeds in reducing the latency in the update cycle in each vehicle’s controller, thus enabling future high-density platooning scenarios

    A case for good defaults: pitfalls in VANET physical layer simulations

    Network simulations are often the first choice to design, test, and evaluate novel applications and protocols for vehicular networks. Aiming for higher realism, simulators become increasingly complex, relying on detailed simulation models that are developed by different communities. With this trend, it also becomes difficult to understand all models in detail and researchers might lack the expert knowledge to parameterize such models properly. In this paper, we identify suboptimal default parameter values for physical layer effects in common simulation frameworks and show how they can negatively impact the results. We also review papers that use said simulation models and highlight that this is not simply a theoretical issue: We found that the majority of the papers simply copy these default parameter values or do not mention physical layer parameters at all. Both cases are clearly problematic. We thus argue that we should focus on reasonable default parameter values just as much as on the functional correctness of simulation models

    Reconfigurable Antenna Systems: Platform implementation and low-power matters

    Antennas are a necessary and often critical component of all wireless systems, of which they share the ever-increasing complexity and the challenges of present and emerging trends. 5G, massive low-orbit satellite architectures (e.g. OneWeb), industry 4.0, Internet of Things (IoT), satcom on-the-move, Advanced Driver Assistance Systems (ADAS) and Autonomous Vehicles, all call for highly flexible systems, and antenna reconfigurability is an enabling part of these advances. The terminal segment is particularly crucial in this sense, encompassing both very compact antennas or low-profile antennas, all with various adaptability/reconfigurability requirements. This thesis work has dealt with hardware implementation issues of Radio Frequency (RF) antenna reconfigurability, and in particular with low-power General Purpose Platforms (GPP); the work has encompassed Software Defined Radio (SDR) implementation, as well as embedded low-power platforms (in particular on STM32 Nucleo family of micro-controller). The hardware-software platform work has been complemented with design and fabrication of reconfigurable antennas in standard technology, and the resulting systems tested. The selected antenna technology was antenna array with continuously steerable beam, controlled by voltage-driven phase shifting circuits. Applications included notably Wireless Sensor Network (WSN) deployed in the Italian scientific mission in Antarctica, in a traffic-monitoring case study (EU H2020 project), and into an innovative Global Navigation Satellite Systems (GNSS) antenna concept (patent application submitted). The SDR implementation focused on a low-cost and low-power Software-defined radio open-source platform with IEEE 802.11 a/g/p wireless communication capability. In a second embodiment, the flexibility of the SDR paradigm has been traded off to avoid the power consumption associated to the relevant operating system. 
    The application field of reconfigurable antennas is, however, not limited to better management of energy consumption. The analysis has also been extended to satellite positioning applications. A novel beamforming method has been presented, demonstrating improvements in the quality of signals received from satellites. For those who deal with positioning algorithms, this advancement helps improve the precision of the estimated position