166,496 research outputs found
Assessing and augmenting SCADA cyber security: a survey of techniques
SCADA systems monitor and control critical infrastructures of national importance such as power generation and distribution, water supply, transportation networks, and manufacturing facilities. The pervasiveness, miniaturisations and declining costs of internet connectivity have transformed these systems from strictly isolated to highly interconnected networks. The connectivity provides immense benefits such as reliability, scalability and remote connectivity, but at the same time exposes an otherwise isolated and secure system, to global cyber security threats. This inevitable transformation to highly connected systems thus necessitates effective security safeguards to be in place as any compromise or downtime of SCADA systems can have severe economic, safety and security ramifications. One way to ensure vital asset protection is to adopt a viewpoint similar to an attacker to determine weaknesses and loopholes in defences. Such mind sets help to identify and fix potential breaches before their exploitation. This paper surveys tools and techniques to uncover SCADA system vulnerabilities. A comprehensive review of the selected approaches is provided along with their applicability
Recommended from our members
A Static Verification Framework for Secure Peer-to-Peer Applications
In this paper we present a static verification framework to support the design and verification of secure peer-to-peer applications. The framework supports the specification, modeling, and analysis of security aspects together with the general characteristics of the system, during early stages of the development life-cycle. The approach avoids security issues to be taken into consideration as a separate layer that is added to the system as an afterthought by the use of security protocols. The main functionality supported by the framework are concerned with the modeling of the system together with its security aspects by using an extension of UML, modeling of abuse cases to represent scenarios of attackers and assist with the identification of properties to be verified, specification of properties to be verified in a graphical template language, verification of the models against the properties, and visualization of the results of the verification process
Compiling symbolic attacks to protocol implementation tests
Recently efficient model-checking tools have been developed to find flaws in
security protocols specifications. These flaws can be interpreted as potential
attacks scenarios but the feasability of these scenarios need to be confirmed
at the implementation level. However, bridging the gap between an abstract
attack scenario derived from a specification and a penetration test on real
implementations of a protocol is still an open issue. This work investigates an
architecture for automatically generating abstract attacks and converting them
to concrete tests on protocol implementations. In particular we aim to improve
previously proposed blackbox testing methods in order to discover automatically
new attacks and vulnerabilities. As a proof of concept we have experimented our
proposed architecture to detect a renegotiation vulnerability on some
implementations of SSL/TLS, a protocol widely used for securing electronic
transactions.Comment: In Proceedings SCSS 2012, arXiv:1307.802
Enhancement of Security Architecture for Smartcard Based Authentication Protocols
Currently computer systems and software used by the average user offer less
security due to rapid growth of vulnerability techniques. This dissertation
presents an approach to increase the level of security provided to users when
interacting with otherwise unsafe applications and computing systems. It
provides a general framework for constructing and analyzing authentication
protocols in realistic models of communication networks. This framework
provides a sound formalization for the authentication problem and suggests
simple and attractive design principles for general authentication protocols. The
general approach uses trusted devices (specifically smartcards) to provide an area of secure processing and storage. The key element in this approach is a
modular treatment of the authentication problem in cryptographic protocols; this
applies to the definition of security, to the design of the protocols, and to their
analysis. The definitions are drawn from previous ideas and formalizations and
incorporate several aspects that were previously overlooked. To identify the best
cryptographic algorithm suitable for smartcard applications, the dissertation also
investigates the implementation of Elliptic Curve encryption techniques and
presents performance comparisons based on similar techniques. The findings
discovered that the proposed Elliptic Curve Cryptograpluc (ECC) method
provides greater efficiency than similar method in terms of computational speed.
Specifically, several aspects of authentication protocols were studied, and new
definitions of this problem were presented in various settings depending on the
underlying network. Further, the thesis shows how to systematically transform
solutions that work in a model of idealized authenticated communications into
solutions that are secure in the realistic setting of wired communication channels
such as access control, and online transactions involving contact communication
schemes.
As with all software development, good design and engineering practices are
important for software quality. Rather than thinking of security as an add-on feature to software systems, security should be designed into the system from the
earliest stages of requirements gathering through development, testing,
integration, and deployment. In view of this, a new approach for dealing with
this problem in an object-oriented approach is presented. Some practical
illustrations were analyzed based on the Unified Modeling Language (UML) as it
applies to modeling authentication/access control schemes in online
transactions. In particular, important issues such as how smartcard applications
can be modeled using UML techniques and how UML can be used to sketch the
operations for implementing a secure access using smartcard has been
addressed
- …