A prototype security hardened field device for SCADA systems.

This thesis describes the development of a prototype security hardened field device (such as a remote terminal unit) based on commodity hardware and implementing a previously developed security architecture. This security architecture has not been implemented in the past due to the difficulty of providing an operating system which meets the architecture\u27s isolation requirements. Recent developments in both hardware and software have made such an operating system possible, opening the door to the implementation and development of this new security architecture in physical devices attached to supervisory control and data acquisition (SCADA) systems. A prototype is developed using commodity hardware selected for similarity to existing industrial systems and making use of the new OKL4 operating system. Results of prototype development are promising, showing performance values which are adequate for a broad range for industrial applications

The Viability and Potential Consequences of IoT-Based Ransomware

With the increased threat of ransomware and the substantial growth of the Internet of Things (IoT) market, there is significant motivation for attackers to carry out IoT-based ransomware campaigns. In this thesis, the viability of such malware is tested. As part of this work, various techniques that could be used by ransomware developers to attack commercial IoT devices were explored. First, methods that attackers could use to communicate with the victim were examined, such that a ransom note was able to be reliably sent to a victim. Next, the viability of using "bricking" as a method of ransom was evaluated, such that devices could be remotely disabled unless the victim makes a payment to the attacker. Research was then performed to ascertain whether it was possible to remotely gain persistence on IoT devices, which would improve the efficacy of existing ransomware methods, and provide opportunities for more advanced ransomware to be created. Finally, after successfully identifying a number of persistence techniques, the viability of privacy-invasion based ransomware was analysed. For each assessed technique, proofs of concept were developed. A range of devices -- with various intended purposes, such as routers, cameras and phones -- were used to test the viability of these proofs of concept. To test communication hijacking, devices' "channels of communication" -- such as web services and embedded screens -- were identified, then hijacked to display custom ransom notes. During the analysis of bricking-based ransomware, a working proof of concept was created, which was then able to remotely brick five IoT devices. After analysing the storage design of an assortment of IoT devices, six different persistence techniques were identified, which were then successfully tested on four devices, such that malicious filesystem modifications would be retained after the device was rebooted. When researching privacy-invasion based ransomware, several methods were created to extract information from data sources that can be commonly found on IoT devices, such as nearby WiFi signals, images from cameras, or audio from microphones. These were successfully implemented in a test environment such that ransomable data could be extracted, processed, and stored for later use to blackmail the victim. Overall, IoT-based ransomware has not only been shown to be viable but also highly damaging to both IoT devices and their users. While the use of IoT-ransomware is still very uncommon "in the wild", the techniques demonstrated within this work highlight an urgent need to improve the security of IoT devices to avoid the risk of IoT-based ransomware causing havoc in our society. Finally, during the development of these proofs of concept, a number of potential countermeasures were identified, which can be used to limit the effectiveness of the attacking techniques discovered in this PhD research

Optimizing the performance of the advanced encryption standard techniques for secured data transmission

Information security has emerged as a critical concern in data communications. The use of cryptographic methods is one approach for ensuring data security. A cryptography implementation often consists of complex algorithms that are used to secure the data. Several security techniques, including the Data Encryption Standard (DES), Triple Data Encryption Standard (3DES), Twofish, Rivest-Shamir-Adleman (RSA), Elliptic curve cryptography, and many others, have been created and are used in the data encryption process. However, the Advanced Encryption Standard (Rijndael) has received a lot of attention recently due to its effectiveness and level of security. To increase the scope of AES's numerous uses, it is crucial to develop high-performance AES. To enhance the processing time of AES methods, the research provided solution performance of the AES algorithm. This includes additional layers of encoding, decoding, shrinking and expansion techniques of the analysis that was performed. Data findings are produced for further actions based on the outcome

Construction, Operation and Maintenance of Network System(Junior Level)

This open access book follows the development rules of network technical talents, simultaneously placing its focus on the transfer of network knowledge, the accumulation of network skills, and the improvement of professionalism. Through the complete process from the elaboration of the theories of network technology to the analysis of application scenarios then to the design and implementation of case projects, readers are enabled to accumulate project experience and eventually acquire knowledge and cultivate their ability so as to lay a solid foundation for adapting to their future positions. This book comprises six chapters, which include “General Operation Safety of Network System,” “Cabling Project,” “Hardware Installation of Network System,” “Basic Knowledge of Network System,” “Basic Operation of Network System,” and “Basic Operation and Maintenance of Network System.” This book can be used for teaching and training for the vocational skills certification of network system construction, operation, and maintenance in the pilot work of Huawei’s “1+X” Certification System, and it is also suitable as a textbook for application-oriented universities, vocational colleges, and technical colleges. In the meantime, it can also serve as a reference book for technicians engaged in network technology development, network management and maintenance, and network system integration. As the world’s leading ICT (information and communications technology) infrastructure and intelligent terminal provider, Huawei Technologies Co., Ltd. has covered many fields such as data communication, security, wireless, storage, cloud computing, intelligent computing, and artificial intelligence. Taking Huawei network equipment (routers, switches, wireless controllers, and wireless access points) as the platform, and based on network engineering projects, this book organizes all the contents according to the actual needs of the industry

Construction, Operation and Maintenance of Network System(Junior Level)

This open access book follows the development rules of network technical talents, simultaneously placing its focus on the transfer of network knowledge, the accumulation of network skills, and the improvement of professionalism. Through the complete process from the elaboration of the theories of network technology to the analysis of application scenarios then to the design and implementation of case projects, readers are enabled to accumulate project experience and eventually acquire knowledge and cultivate their ability so as to lay a solid foundation for adapting to their future positions. This book comprises six chapters, which include “General Operation Safety of Network System,” “Cabling Project,” “Hardware Installation of Network System,” “Basic Knowledge of Network System,” “Basic Operation of Network System,” and “Basic Operation and Maintenance of Network System.” This book can be used for teaching and training for the vocational skills certification of network system construction, operation, and maintenance in the pilot work of Huawei’s “1+X” Certification System, and it is also suitable as a textbook for application-oriented universities, vocational colleges, and technical colleges. In the meantime, it can also serve as a reference book for technicians engaged in network technology development, network management and maintenance, and network system integration. As the world’s leading ICT (information and communications technology) infrastructure and intelligent terminal provider, Huawei Technologies Co., Ltd. has covered many fields such as data communication, security, wireless, storage, cloud computing, intelligent computing, and artificial intelligence. Taking Huawei network equipment (routers, switches, wireless controllers, and wireless access points) as the platform, and based on network engineering projects, this book organizes all the contents according to the actual needs of the industry

Efficient and Secure Multicast in WirelessMAN: A Cross-layer Design

Effectively adding security measures to a multicast service is an intriguing problem, especially when the service isdeployed in a wireless setting. Next generation IEEE 802.16standard WirelessMAN networks are a perfect example of this problem, and the latest draft specification of the standard includes a secure protocol solution called Multicast and Broadcast Rekeying Algorithm (MBRA). In this paper, we expose the security problems of MBRA, including non-scalability and omission of backward and forward secrecy, and propose new approaches, ELAPSE and ELAPSE+, to address these problems. In particular, ELAPSE+ makes use of membership and mobility information gathered in the application layer to augment the adaptive group management in the MAC layer. We analyze the security property of ELAPSE and ELAPSE+, and compare their performances with MBRA by simulating group rekeying scenarios