On specification-based cyber-attack detection in smart grids

The transformation of power grids into intelligent cyber-physical systems brings numerous benefits, but also significantly increases the surface for cyber-attacks, demanding appropriate countermeasures. However, the development, validation, and testing of data-driven countermeasures against cyber-attacks, such as machine learning-based detection approaches, lack important data from real-world cyber incidents. Unlike attack data from real-world cyber incidents, infrastructure knowledge and standards are accessible through expert and domain knowledge. Our proposed approach uses domain knowledge to define the behavior of a smart grid under non-attack conditions and detect attack patterns and anomalies. Using a graph-based specification formalism, we combine cross-domain knowledge that enables the generation of whitelisting rules not only for statically defined protocol fields but also for communication flows and technical operation boundaries. Finally, we evaluate our specification-based intrusion detection system against various attack scenarios and assess detection quality and performance. In particular, we investigate a data manipulation attack in a future-orientated use case of an IEC 60870-based SCADA system that controls distributed energy resources in the distribution grid. Our approach can detect severe data manipulation attacks with high accuracy in a timely and reliable manner

Security Management Framework for the Internet of Things

The increase in the design and development of wireless communication technologies offers multiple opportunities for the management and control of cyber-physical systems with connections between smart and autonomous devices, which provide the delivery of simplified data through the use of cloud computing. Given this relationship with the Internet of Things (IoT), it established the concept of pervasive computing that allows any object to communicate with services, sensors, people, and objects without human intervention. However, the rapid growth of connectivity with smart applications through autonomous systems connected to the internet has allowed the exposure of numerous vulnerabilities in IoT systems by malicious users. This dissertation developed a novel ontology-based cybersecurity framework to improve security in IoT systems using an ontological analysis to adapt appropriate security services addressed to threats. The composition of this proposal explores two approaches: (1) design time, which offers a dynamic method to build security services through the application of a methodology directed to models considering existing business processes; and (2) execution time, which involves monitoring the IoT environment, classifying vulnerabilities and threats, and acting in the environment, ensuring the correct adaptation of existing services. The validation approach was used to demonstrate the feasibility of implementing the proposed cybersecurity framework. It implies the evaluation of the ontology to offer a qualitative evaluation based on the analysis of several criteria and also a proof of concept implemented and tested using specific industrial scenarios. This dissertation has been verified by adopting a methodology that follows the acceptance in the research community through technical validation in the application of the concept in an industrial setting.O aumento no projeto e desenvolvimento de tecnologias de comunicação sem fio oferece múltiplas oportunidades para a gestão e controle de sistemas ciber-físicos com conexões entre dispositivos inteligentes e autônomos, os quais proporcionam a entrega de dados simplificados através do uso da computação em nuvem. Diante dessa relação com a Internet das Coisas (IoT) estabeleceu-se o conceito de computação pervasiva que permite que qualquer objeto possa comunicar com os serviços, sensores, pessoas e objetos sem intervenção humana. Entretanto, o rápido crescimento da conectividade com as aplicações inteligentes através de sistemas autônomos conectados com a internet permitiu a exposição de inúmeras vulnerabilidades dos sistemas IoT para usuários maliciosos. Esta dissertação desenvolveu um novo framework de cibersegurança baseada em ontologia para melhorar a segurança em sistemas IoT usando uma análise ontológica para a adaptação de serviços de segurança apropriados endereçados para as ameaças. A composição dessa proposta explora duas abordagens: (1) tempo de projeto, o qual oferece um método dinâmico para construir serviços de segurança através da aplicação de uma metodologia dirigida a modelos, considerando processos empresariais existentes; e (2) tempo de execução, o qual envolve o monitoramento do ambiente IoT, a classificação de vulnerabilidades e ameaças, e a atuação no ambiente garantindo a correta adaptação dos serviços existentes. Duas abordagens de validação foram utilizadas para demonstrar a viabilidade da implementação do framework de cibersegurança proposto. Isto implica na avaliação da ontologia para oferecer uma avaliação qualitativa baseada na análise de diversos critérios e também uma prova de conceito implementada e testada usando cenários específicos. Esta dissertação foi validada adotando uma metodologia que segue a validação na comunidade científica através da validação técnica na aplicação do nosso conceito em um cenário industrial

Performance of Machine Learning and Big Data Analytics paradigms in Cybersecurity and Cloud Computing Platforms

The purpose of the research is to evaluate Machine Learning and Big Data Analytics paradigms for use in Cybersecurity. Cybersecurity refers to a combination of technologies, processes and operations that are framed to protect information systems, computers, devices, programs, data and networks from internal or external threats, harm, damage, attacks or unauthorized access. The main characteristic of Machine Learning (ML) is the automatic data analysis of large data sets and production of models for the general relationships found among data. ML algorithms, as part of Artificial Intelligence, can be clustered into supervised, unsupervised, semi-supervised, and reinforcement learning algorithms

Context-aware and user bahavior-based continuous authentication for zero trust access control in smart homes

Orientador: Aldri Luiz dos SantosDissertação (mestrado) - Universidade Federal do Paraná, Setor de Ciências Exatas, Programa de Pós-Graduação em Informática. Defesa : Curitiba, 24/02/2023Inclui referências: p. 96-106Área de concentração: Ciência da ComputaçãoResumo: Embora as casas inteligentes tenham se tornado populares recentemente, as pessoas ainda estão muito preocupadas com questões de segurança, proteção e privacidade. Estudos revelaram que questões de privacidade das pessoas geram prejuízos fisiológicos e financeiros porque as casas inteligentes são ambientes de convivência íntima. Além disso, nossa pesquisa revelou que os ataques de impersonificação são uma das ameaças mais graves contra casas inteligentes porque comprometem a confidencialidade, autenticidade, integridade e não repúdio. Normalmente, abordagens para construir segurança para Sistemas de Casas Inteligentes (SHS) requerem dados históricos para implementar controle de acesso e Sistemas de Detecção de Intrusão (IDS), uma vulnerabilidade à privacidade dos habitantes. Além disso, a maioria dos trabalhos depende de computação em nuvem ou recursos na nuvem para executar tarefas de segurança, que os invasores podem atacar para atingir a confidencialidade, integridade e disponibilidade. Além disso, os pesquisadores não consideram o uso indevido de SHS ao forçar os usuários a interagir com os dispositivos por meio de seus smartphones ou tablets, pois eles costumam interagir por qualquer meio, como assistentes virtuais e os próprios dispositivos. Portanto, os requisitos do sistema de segurança para residências inteligentes devem compreender percepção de privacidade, resposta de baixa latência, localidade espacial e temporal, extensibilidade de dispositivo, proteção contra impersonificação, isolamento de dispositivo, garantia de controle de acesso e levar em consideração a verificação atualizada com um sistema confiável. Para atender a esses requisitos, propomos o sistema ZASH (Zero-Aware Smart Home) para fornecer controle de acesso para as ações do usuário em dispositivos em casas inteligentes. Em contraste com os trabalhos atuais, ele aproveita a autenticação contínua com o paradigma de Confiança Zero suportado por ontologias configuradas, contexto em tempo real e atividade do usuário. A computação de borda e a Cadeia de Markov permitem que o ZASH evite e mitigue ataques de impersonificação que visam comprometer a segurança dos usuários. O sistema depende apenas de recursos dentro de casa, é autossuficiente e está menos exposto à exploração externa. Além disso, funciona desde o dia zero sem a exigência de dados históricos, embora conte com o passar do tempo para monitorar o comportamento dos usuários. O ZASH exige prova de identidade para que os usuários confirmem sua autenticidade por meio de características fortes da classe Something You Are. O sistema executa o controle de acesso nos dispositivos inteligentes, portanto, não depende de intermediários e considera qualquer interação usuário-dispositivo. A princípio, um teste inicial de algoritmos com um conjunto de dados sintético demonstrou a capacidade do sistema de se adaptar dinamicamente aos comportamentos de novos usuários, bloqueando ataques de impersonificação. Por fim, implementamos o ZASH no simulador de rede ns-3 e analisamos sua robustez, eficiência, extensibilidade e desempenho. De acordo com nossa análise, ele protege a privacidade dos usuários, responde rapidamente (cerca de 4,16 ms), lida com a adição e remoção de dispositivos, bloqueia a maioria dos ataques de impersonificação (até 99% com uma configuração adequada), isola dispositivos inteligentes e garante o controle de acesso para todas as interações.Abstract: Although smart homes have become popular recently, people are still highly concerned about security, safety, and privacy issues. Studies revealed that issues in people's privacy generate physiological and financial harm because smart homes are intimate living environments. Further, our research disclosed that impersonation attacks are one of the most severe threats against smart homes because they compromise confidentiality, authenticity, integrity, and non-repudiation. Typically, approaches to build security for Smart Home Systems (SHS) require historical data to implement access control and Intrusion Detection Systems (IDS), a vulnerability to the inhabitant's privacy. Additionally, most works rely on cloud computing or resources in the cloud to perform security tasks, which attackers can exploit to target confidentiality, integrity, and availability. Moreover, researchers do not regard the misuse of SHS by forcing users to interact with devices through their smartphones or tablets, as they usually interact by any means, like virtual assistants and devices themselves. Therefore, the security system requirements for smart homes should comprehend privacy perception, low latency in response, spatial and temporal locality, device extensibility, protection against impersonation, device isolation, access control enforcement, and taking into account the refresh verification with a trustworthy system. To attend to those requirements, we propose the ZASH (Zero-Aware Smart Home) system to provide access control for the user's actions on smart devices in smart homes. In contrast to current works, it leverages continuous authentication with the Zero Trust paradigm supported by configured ontologies, real-time context, and user activity. Edge computing and Markov Chain enable ZASH to prevent and mitigate impersonation attacks that aim to compromise users' security. The system relies only on resources inside the house, is self-sufficient, and is less exposed to outside exploitation. Furthermore, it works from day zero without the requirement of historical data, though it counts on that as time passes to monitor the users' behavior. ZASH requires proof of identity for users to confirm their authenticity through strong features of the Something You Are class. The system enforces access control in smart devices, so it does not depend on intermediaries and considers any user-device interaction. At first, an initial test of algorithms with a synthetic dataset demonstrated the system's capability to dynamically adapt to new users' behaviors withal blocking impersonation attacks. Finally, we implemented ZASH in the ns-3 network simulator and analyzed its robustness, efficiency, extensibility, and performance. According to our analysis, it protects users' privacy, responds quickly (around 4.16 ms), copes with adding and removing devices, blocks most impersonation attacks (up to 99% with a proper configuration), isolates smart devices, and enforces access control for all interactions

Módulo de Gestão de alarmes na Indústria 4.0

Com a constante evolução tecnológica, mais particularmente na área da indústria, tornou-se necessária a evolução dos métodos de monitorização de forma a garantir a segurança e o funcionamento devido de todos os domínios em questão. Com o intuito de contribuir para a monitorização de empresas com alto envolvimento tecnológico, o GECAD iniciou o desenvolvimento de um projeto, Alarm Management Model for 4.0 Industry, que consiste no desenvolvimento de um sistema capaz de gerir alarmes de várias fontes diferentes, facilitando o acesso a informação sobre os mesmos de forma clara e objetiva. O foco principal do projeto passa por definir, com base nos alarmes detetados, prioridades entre eles de forma individual ou combinada e permitir ao utilizador ter uma experiência simples e eficaz aquando da utilização do sistema desenvolvido.With the constant technology evolution, more particularly in the industrial area, it became the necessary the evolution of the monitorization methods in order to guarantee the security and the behavior of all the compartments in the system. With the goal of contributing to the monitorization of this type of companies, GECAD started the development of a new project, Alarm Management Model for 4.0 Industry that consists of developing a system capable of detecting alarms from various sources and manage it. The main focus of the project is about defining, based on the detected alarms, the individual and combined priority of them so it allows the user to have a simpler experience when using the developed system

Wide-Area Situation Awareness based on a Secure Interconnection between Cyber-Physical Control Systems

Posteriormente, examinamos e identificamos los requisitos especiales que limitan el diseño y la operación de una arquitectura de interoperabilidad segura para los SSC (particularmente los SCCF) del smart grid. Nos enfocamos en modelar requisitos no funcionales que dan forma a esta infraestructura, siguiendo la metodología NFR para extraer requisitos esenciales, técnicas para la satisfacción de los requisitos y métricas para nuestro modelo arquitectural. Estudiamos los servicios necesarios para la interoperabilidad segura de los SSC del SG revisando en profundidad los mecanismos de seguridad, desde los servicios básicos hasta los procedimientos avanzados capaces de hacer frente a las amenazas sofisticadas contra los sistemas de control, como son los sistemas de detección, protección y respuesta ante intrusiones. Nuestro análisis se divide en diferentes áreas: prevención, consciencia y reacción, y restauración; las cuales general un modelo de seguridad robusto para la protección de los sistemas críticos. Proporcionamos el diseño para un modelo arquitectural para la interoperabilidad segura y la interconexión de los SCCF del smart grid. Este escenario contempla la interconectividad de una federación de proveedores de energía del SG, que interactúan a través de la plataforma de interoperabilidad segura para gestionar y controlar sus infraestructuras de forma cooperativa. La plataforma tiene en cuenta las características inherentes y los nuevos servicios y tecnologías que acompañan al movimiento de la Industria 4.0. Por último, presentamos una prueba de concepto de nuestro modelo arquitectural, el cual ayuda a validar el diseño propuesto a través de experimentaciones. Creamos un conjunto de casos de validación que prueban algunas de las funcionalidades principales ofrecidas por la arquitectura diseñada para la interoperabilidad segura, proporcionando información sobre su rendimiento y capacidades.Las infraestructuras críticas (IICC) modernas son vastos sistemas altamente complejos, que precisan del uso de las tecnologías de la información para gestionar, controlar y monitorizar el funcionamiento de estas infraestructuras. Debido a sus funciones esenciales, la protección y seguridad de las infraestructuras críticas y, por tanto, de sus sistemas de control, se ha convertido en una tarea prioritaria para las diversas instituciones gubernamentales y académicas a nivel mundial. La interoperabilidad de las IICC, en especial de sus sistemas de control (SSC), se convierte en una característica clave para que estos sistemas sean capaces de coordinarse y realizar tareas de control y seguridad de forma cooperativa. El objetivo de esta tesis se centra, por tanto, en proporcionar herramientas para la interoperabilidad segura de los diferentes SSC, especialmente los sistemas de control ciber-físicos (SCCF), de forma que se potencie la intercomunicación y coordinación entre ellos para crear un entorno en el que las diversas infraestructuras puedan realizar tareas de control y seguridad cooperativas, creando una plataforma de interoperabilidad segura capaz de dar servicio a diversas IICC, en un entorno de consciencia situacional (del inglés situational awareness) de alto espectro o área (wide-area). Para ello, en primer lugar, revisamos las amenazas de carácter más sofisticado que amenazan la operación de los sistemas críticos, particularmente enfocándonos en los ciberataques camuflados (del inglés stealth) que amenazan los sistemas de control de infraestructuras críticas como el smart grid. Enfocamos nuestra investigación al análisis y comprensión de este nuevo tipo de ataques que aparece contra los sistemas críticos, y a las posibles contramedidas y herramientas para mitigar los efectos de estos ataques

Survey on Security Issues in Cloud Computing and Associated Mitigation Techniques

Cloud Computing holds the potential to eliminate the requirements for setting up of high-cost computing infrastructure for IT-based solutions and services that the industry uses. It promises to provide a flexible IT architecture, accessible through internet for lightweight portable devices. This would allow multi-fold increase in the capacity or capabilities of the existing and new software. In a cloud computing environment, the entire data reside over a set of networked resources, enabling the data to be accessed through virtual machines. Since these data-centers may lie in any corner of the world beyond the reach and control of users, there are multifarious security and privacy challenges that need to be understood and taken care of. Also, one can never deny the possibility of a server breakdown that has been witnessed, rather quite often in the recent times. There are various issues that need to be dealt with respect to security and privacy in a cloud computing scenario. This extensive survey paper aims to elaborate and analyze the numerous unresolved issues threatening the cloud computing adoption and diffusion affecting the various stake-holders linked to it.Comment: 20 pages, 2 Figures, 1 Table. arXiv admin note: substantial text overlap with arXiv:1109.538

A Semantic Wiki-based Platform for IT Service Management

The book researches the use of a semantic wiki in the area of IT Service Management within the IT department of an SME. An emphasis of the book lies in the design and prototypical implementation of tools for the integration of ITSM-relevant information into the semantic wiki, as well as tools for interactions between the wiki and external programs. The result of the book is a platform for agile, semantic wiki-based ITSM for IT administration teams of SMEs

Cyber Law and Espionage Law as Communicating Vessels

Professor Lubin\u27s contribution is Cyber Law and Espionage Law as Communicating Vessels, pp. 203-225. Existing legal literature would have us assume that espionage operations and “below-the-threshold” cyber operations are doctrinally distinct. Whereas one is subject to the scant, amorphous, and under-developed legal framework of espionage law, the other is subject to an emerging, ever-evolving body of legal rules, known cumulatively as cyber law. This dichotomy, however, is erroneous and misleading. In practice, espionage and cyber law function as communicating vessels, and so are better conceived as two elements of a complex system, Information Warfare (IW). This paper therefore first draws attention to the similarities between the practices – the fact that the actors, technologies, and targets are interchangeable, as are the knee-jerk legal reactions of the international community. In light of the convergence between peacetime Low-Intensity Cyber Operations (LICOs) and peacetime Espionage Operations (EOs) the two should be subjected to a single regulatory framework, one which recognizes the role intelligence plays in our public world order and which adopts a contextual and consequential method of inquiry. The paper proceeds in the following order: Part 2 provides a descriptive account of the unique symbiotic relationship between espionage and cyber law, and further explains the reasons for this dynamic. Part 3 places the discussion surrounding this relationship within the broader discourse on IW, making the claim that the convergence between EOs and LICOs, as described in Part 2, could further be explained by an even larger convergence across all the various elements of the informational environment. Parts 2 and 3 then serve as the backdrop for Part 4, which details the attempt of the drafters of the Tallinn Manual 2.0 to compartmentalize espionage law and cyber law, and the deficits of their approach. The paper concludes by proposing an alternative holistic understanding of espionage law, grounded in general principles of law, which is more practically transferable to the cyber realmhttps://www.repository.law.indiana.edu/facbooks/1220/thumbnail.jp

Improving Computer Network Operations Through Automated Interpretation of State

Networked systems today are hyper-scaled entities that provide core functionality for distributed services and applications spanning personal, business, and government use. It is critical to maintain correct operation of these networks to avoid adverse business outcomes. The advent of programmable networks has provided much needed fine-grained network control, enabling providers and operators alike to build some innovative networking architectures and solutions. At the same time, they have given rise to new challenges in network management. These architectures, coupled with a multitude of devices, protocols, virtual overlays on top of physical data-plane etc. make network management a highly challenging task. Existing network management methodologies have not evolved at the same pace as the technologies and architectures. Current network management practices do not provide adequate solutions for highly dynamic, programmable environments. We have a long way to go in developing management methodologies that can meaningfully contribute to networks becoming self-healing entities. The goal of my research is to contribute to the design and development of networks towards transforming them into self-healing entities. Network management includes a multitude of tasks, not limited to diagnosis and troubleshooting, but also performance engineering and tuning, security analysis etc. This research explores novel methods of utilizing network state to enhance networking capabilities. It is constructed around hypotheses based on careful analysis of practical deficiencies in the field. I try to generate real-world impact with my research by tackling problems that are prevalent in deployed networks, and that bear practical relevance to the current state of networking. The overarching goal of this body of work is to examine various approaches that could help enhance network management paradigms, providing administrators with a better understanding of the underlying state of the network, thus leading to more informed decision-making. The research looks into two distinct areas of network management, troubleshooting and routing, presenting novel approaches to accomplishing certain goals in each of these areas, demonstrating that they can indeed enhance the network management experience