1,415 research outputs found
A Real-Time Remote IDS Testbed for Connected Vehicles
Connected vehicles are becoming commonplace. A constant connection between
vehicles and a central server enables new features and services. This added
connectivity raises the likelihood of exposure to attackers and risks
unauthorized access. A possible countermeasure to this issue are intrusion
detection systems (IDS), which aim at detecting these intrusions during or
after their occurrence. The problem with IDS is the large variety of possible
approaches with no sensible option for comparing them. Our contribution to this
problem comprises the conceptualization and implementation of a testbed for an
automotive real-world scenario. That amounts to a server-side IDS detecting
intrusions into vehicles remotely. To verify the validity of our approach, we
evaluate the testbed from multiple perspectives, including its fitness for
purpose and the quality of the data it generates. Our evaluation shows that the
testbed makes the effective assessment of various IDS possible. It solves
multiple problems of existing approaches, including class imbalance.
Additionally, it enables reproducibility and generating data of varying
detection difficulties. This allows for comprehensive evaluation of real-time,
remote IDS.Comment: Peer-reviewed version accepted for publication in the proceedings of
the 34th ACM/SIGAPP Symposium On Applied Computing (SAC'19
Cloaking the Clock: Emulating Clock Skew in Controller Area Networks
Automobiles are equipped with Electronic Control Units (ECU) that communicate
via in-vehicle network protocol standards such as Controller Area Network
(CAN). These protocols are designed under the assumption that separating
in-vehicle communications from external networks is sufficient for protection
against cyber attacks. This assumption, however, has been shown to be invalid
by recent attacks in which adversaries were able to infiltrate the in-vehicle
network. Motivated by these attacks, intrusion detection systems (IDSs) have
been proposed for in-vehicle networks that attempt to detect attacks by making
use of device fingerprinting using properties such as clock skew of an ECU. In
this paper, we propose the cloaking attack, an intelligent masquerade attack in
which an adversary modifies the timing of transmitted messages in order to
match the clock skew of a targeted ECU. The attack leverages the fact that,
while the clock skew is a physical property of each ECU that cannot be changed
by the adversary, the estimation of the clock skew by other ECUs is based on
network traffic, which, being a cyber component only, can be modified by an
adversary. We implement the proposed cloaking attack and test it on two IDSs,
namely, the current state-of-the-art IDS and a new IDS that we develop based on
the widely-used Network Time Protocol (NTP). We implement the cloaking attack
on two hardware testbeds, a prototype and a real connected vehicle, and show
that it can always deceive both IDSs. We also introduce a new metric called the
Maximum Slackness Index to quantify the effectiveness of the cloaking attack
even when the adversary is unable to precisely match the clock skew of the
targeted ECU.Comment: 11 pages, 13 figures, This work has been accepted to the 9th ACM/IEEE
International Conference on Cyber-Physical Systems (ICCPS
MiniCPS: A toolkit for security research on CPS Networks
In recent years, tremendous effort has been spent to modernizing
communication infrastructure in Cyber-Physical Systems (CPS) such as Industrial
Control Systems (ICS) and related Supervisory Control and Data Acquisition
(SCADA) systems. While a great amount of research has been conducted on network
security of office and home networks, recently the security of CPS and related
systems has gained a lot of attention. Unfortunately, real-world CPS are often
not open to security researchers, and as a result very few reference systems
and topologies are available. In this work, we present MiniCPS, a CPS
simulation toolbox intended to alleviate this problem. The goal of MiniCPS is
to create an extensible, reproducible research environment targeted to
communications and physical-layer interactions in CPS. MiniCPS builds on
Mininet to provide lightweight real-time network emulation, and extends Mininet
with tools to simulate typical CPS components such as programmable logic
controllers, which use industrial protocols (Ethernet/IP, Modbus/TCP). In
addition, MiniCPS defines a simple API to enable physical-layer interaction
simulation. In this work, we demonstrate applications of MiniCPS in two example
scenarios, and show how MiniCPS can be used to develop attacks and defenses
that are directly applicable to real systems.Comment: 8 pages, 6 figures, 1 code listin
Developing and Deploying Security Applications for In-Vehicle Networks
Radiological material transportation is primarily facilitated by heavy-duty
on-road vehicles. Modern vehicles have dozens of electronic control units or
ECUs, which are small, embedded computers that communicate with sensors and
each other for vehicle functionality. ECUs use a standardized network
architecture--Controller Area Network or CAN--which presents grave security
concerns that have been exploited by researchers and hackers alike. For
instance, ECUs can be impersonated by adversaries who have infiltrated an
automotive CAN and disable or invoke unintended vehicle functions such as
brakes, acceleration, or safety mechanisms. Further, the quality of security
approaches varies wildly between manufacturers. Thus, research and development
of after-market security solutions have grown remarkably in recent years. Many
researchers are exploring deployable intrusion detection and prevention
mechanisms using machine learning and data science techniques. However, there
is a gap between developing security system algorithms and deploying prototype
security appliances in-vehicle. In this paper, we, a research team at Oak Ridge
National Laboratory working in this space, highlight challenges in the
development pipeline, and provide techniques to standardize methodology and
overcome technological hurdles.Comment: 10 pages, PATRAM 2
Software Defined Networks based Smart Grid Communication: A Comprehensive Survey
The current power grid is no longer a feasible solution due to
ever-increasing user demand of electricity, old infrastructure, and reliability
issues and thus require transformation to a better grid a.k.a., smart grid
(SG). The key features that distinguish SG from the conventional electrical
power grid are its capability to perform two-way communication, demand side
management, and real time pricing. Despite all these advantages that SG will
bring, there are certain issues which are specific to SG communication system.
For instance, network management of current SG systems is complex, time
consuming, and done manually. Moreover, SG communication (SGC) system is built
on different vendor specific devices and protocols. Therefore, the current SG
systems are not protocol independent, thus leading to interoperability issue.
Software defined network (SDN) has been proposed to monitor and manage the
communication networks globally. This article serves as a comprehensive survey
on SDN-based SGC. In this article, we first discuss taxonomy of advantages of
SDNbased SGC.We then discuss SDN-based SGC architectures, along with case
studies. Our article provides an in-depth discussion on routing schemes for
SDN-based SGC. We also provide detailed survey of security and privacy schemes
applied to SDN-based SGC. We furthermore present challenges, open issues, and
future research directions related to SDN-based SGC.Comment: Accepte
- …