Uncovering Network Perimeter Vulnerabilities in Cisco Routers According to Requirements Defined in Pci Dss 2.0

According to the Payment Card Industry (PCI), over 500 million records containing sensitive cardholder data have been breached since January 2005. Merchants accepting credit and debit cards are at the center of payment card transactions, making it crucial that standard security procedures and technologies are employed to thwart cardholder data theft. Numerous organizations have experienced embarrassing breaches, which lead to losses of credit card data, including Starbucks, California Pizza Kitchen, and TJX Companies. This paper examined an action research methodology to test the security of a network router and remediate all the vulnerabilities that caused it to fail the requirements of the Payment Card Industry Data Security Standards (PCI DSS). The basic functions of a router include packet forwarding, sharing routing information with adjacent routers, packet filtering, network address translation (NAT), and encrypting or decrypting packets. Since a router is traditionally installed at the perimeter of a network, it plays an important role in network security. By following the approach of this study, administrators should understand how employing a network vulnerability scanner to test a host can illuminate hidden security risks. This study also demonstrated how to use the results of the vulnerability scan to harden a host to ensure it complied with the Payment Card Industry\u27s (PCI DSS) requirements

Information Security Analysis and Auditing of IEC61850 Automated Substations

This thesis is about issues related to the security of electric substations automated by IEC61850, an Ethernet (IEEE 802.3) based protocol. It is about a comprehen­ sive security analysis and development of a viable method of auditing the security of this protocol. The security analysis focuses on the possible threats to an electric substation based on the possible motives of an attacker. Existing methods and met­ rics for assessing the security of computer networks are explored and examined for suitability of use with IEC61850. Existing methods and metrics focus on conven­ tional computers used in computer networks which are fundamentally different from Intelligent Electronic Devices (IED’s) of substations in terms of technical composition and functionality. Hence, there is a need to develop a new method of assessing the security of such devices. The security analysis is then used to derive a new metric scheme to assess the security of IED’s that use IEC61850. This metric scheme is then tested out in a sample audit on a real IEC61850 network and compared with two other commonly used security metrics. The results show that the new metric is good in assessing the security of IED’s themselves. Further analysis on IED security is done by conducting simulated cyber attacks. The results are then used to develop an Intrusion Detection System (IDS) to guard against such attacks. The temporal risk of intrusion on an electric substation is also evaluated

On Enhancing Security of Password-Based Authentication

Password has been the dominant authentication scheme for more than 30 years, and it will not be easily replaced in the foreseeable future. However, password authentication has long been plagued by the dilemma between security and usability, mainly due to human memory limitations. For example, a user often chooses an easy-to-guess (weak) password since it is easier to remember. The ever increasing number of online accounts per user even exacerbates this problem. In this dissertation, we present four research projects that focus on the security of password authentication and its ecosystem. First, we observe that personal information plays a very important role when a user creates a password. Enlightened by this, we conduct a study on how users create their passwords using their personal information based on a leaked password dataset. We create a new metric---Coverage---to quantify the personal information in passwords. Armed with this knowledge, we develop a novel password cracker named Personal-PCFG (Probabilistic Context-Free Grammars) that leverages personal information for targeted password guessing. Experiments show that Personal-PCFG is much more efficient than the original PCFG in cracking passwords. The second project aims to ease the password management hassle for a user. Password managers are introduced so that users need only one password (master password) to access all their other passwords. However, the password manager induces a single point of failure and is potentially vulnerable to data breach. To address these issues, we propose BluePass, a decentralized password manager that features a dual-possession security that involves a master password and a mobile device. In addition, BluePass enables a hand-free user experience by retrieving passwords from the mobile device through Bluetooth communications. In the third project, we investigate an overlooked aspect in the password lifecycle, the password recovery procedure. We study the password recovery protocols in the Alexa top 500 websites, and report interesting findings on the de facto implementation. We observe that the backup email is the primary way for password recovery, and the email becomes a single point of failure. We assess the likelihood of an account recovery attack, analyze the security policy of major email providers, and propose a security enhancement protocol to help securing password recovery emails by two factor authentication. \newline Finally, we focus on a more fundamental level, user identity. Password-based authentication is just a one-time checking to ensure that a user is legitimate. However, a user\u27s identity could be hijacked at any step. For example, an attacker can leverage a zero-day vulnerability to take over the root privilege. Thus, tracking the user behavior is essential to examine the identity legitimacy. We develop a user tracking system based on OS-level logs inside an enterprise network, and apply a variety of techniques to generate a concise and salient user profile for identity examination

Cyber Attack Surface Mapping For Offensive Security Testing

Security testing consists of automated processes, like Dynamic Application Security Testing (DAST) and Static Application Security Testing (SAST), as well as manual offensive security testing, like Penetration Testing and Red Teaming. This nonautomated testing is frequently time-constrained and difficult to scale. Previous literature suggests that most research is spent in support of improving fully automated processes or in finding specific vulnerabilities, with little time spent improving the interpretation of the scanned attack surface critical to nonautomated testing. In this work, agglomerative hierarchical clustering is used to compress the Internet-facing hosts of 13 representative companies as collected by the Shodan search engine, resulting in an average 89% reduction in attack surface complexity. The work is then extended to map network services and also analyze the characteristics of the Log4Shell security vulnerability and its impact on attack surface mapping. The results highlighted outliers indicative of possible anti-patterns as well as opportunities to improve how testers and tools map the web attack surface. Ultimately the work is extended to compress web attack surfaces based on security relevant features, demonstrating via accuracy measurements not only that this compression is feasible but can also be automated. In the process a framework is created which could be extended in future work to compress other attack surfaces, including physical structures/campuses for physical security testing and even humans for social engineering tests

A Misuse-Based Intrusion Detection System for ITU-T G.9959 Wireless Networks

Wireless Sensor Networks (WSNs) provide low-cost, low-power, and low-complexity systems tightly integrating control and communication. Protocols based on the ITU-T G.9959 recommendation specifying narrow-band sub-GHz communications have significant growth potential. The Z-Wave protocol is the most common implementation. Z-Wave developers are required to sign nondisclosure and confidentiality agreements, limiting the availability of tools to perform open source research. This work discovers vulnerabilities allowing the injection of rogue devices or hiding information in Z-Wave packets as a type of covert channel attack. Given existing vulnerabilities and exploitations, defensive countermeasures are needed. A Misuse-Based Intrusion Detection System (MBIDS) is engineered, capable of monitoring Z-Wave networks. Experiments are designed to test the detection accuracy of the system against attacks. Results from the experiments demonstrate the MBIDS accurately detects intrusions in a Z-Wave network with a mean misuse detection rate of 99%. Overall, this research contributes new Z-Wave exploitations and an MBIDS to detect rogue devices and packet injection attacks, enabling a more secure Z-Wave network

Wide spectrum attribution: Using deception for attribution intelligence in cyber attacks

Modern cyber attacks have evolved considerably. The skill level required to conduct a cyber attack is low. Computing power is cheap, targets are diverse and plentiful. Point-and-click crimeware kits are widely circulated in the underground economy, while source code for sophisticated malware such as Stuxnet is available for all to download and repurpose. Despite decades of research into defensive techniques, such as firewalls, intrusion detection systems, anti-virus, code auditing, etc, the quantity of successful cyber attacks continues to increase, as does the number of vulnerabilities identified. Measures to identify perpetrators, known as attribution, have existed for as long as there have been cyber attacks. The most actively researched technical attribution techniques involve the marking and logging of network packets. These techniques are performed by network devices along the packet journey, which most often requires modification of existing router hardware and/or software, or the inclusion of additional devices. These modifications require wide-scale infrastructure changes that are not only complex and costly, but invoke legal, ethical and governance issues. The usefulness of these techniques is also often questioned, as attack actors use multiple stepping stones, often innocent systems that have been compromised, to mask the true source. As such, this thesis identifies that no publicly known previous work has been deployed on a wide-scale basis in the Internet infrastructure. This research investigates the use of an often overlooked tool for attribution: cyber de- ception. The main contribution of this work is a significant advancement in the field of deception and honeypots as technical attribution techniques. Specifically, the design and implementation of two novel honeypot approaches; i) Deception Inside Credential Engine (DICE), that uses policy and honeytokens to identify adversaries returning from different origins and ii) Adaptive Honeynet Framework (AHFW), an introspection and adaptive honeynet framework that uses actor-dependent triggers to modify the honeynet envi- ronment, to engage the adversary, increasing the quantity and diversity of interactions. The two approaches are based on a systematic review of the technical attribution litera- ture that was used to derive a set of requirements for honeypots as technical attribution techniques. Both approaches lead the way for further research in this field

Beyond the Hype: On Using Blockchains in Trust Management for Authentication

Trust Management (TM) systems for authentication are vital to the security of online interactions, which are ubiquitous in our everyday lives. Various systems, like the Web PKI (X.509) and PGP's Web of Trust are used to manage trust in this setting. In recent years, blockchain technology has been introduced as a panacea to our security problems, including that of authentication, without sufficient reasoning, as to its merits.In this work, we investigate the merits of using open distributed ledgers (ODLs), such as the one implemented by blockchain technology, for securing TM systems for authentication. We formally model such systems, and explore how blockchain can help mitigate attacks against them. After formal argumentation, we conclude that in the context of Trust Management for authentication, blockchain technology, and ODLs in general, can offer considerable advantages compared to previous approaches. Our analysis is, to the best of our knowledge, the first to formally model and argue about the security of TM systems for authentication, based on blockchain technology. To achieve this result, we first provide an abstract model for TM systems for authentication. Then, we show how this model can be conceptually encoded in a blockchain, by expressing it as a series of state transitions. As a next step, we examine five prevalent attacks on TM systems, and provide evidence that blockchain-based solutions can be beneficial to the security of such systems, by mitigating, or completely negating such attacks.Comment: A version of this paper was published in IEEE Trustcom. http://ieeexplore.ieee.org/document/8029486