3,872 research outputs found
Dynamic Bayesian Games for Adversarial and Defensive Cyber Deception
Security challenges accompany the efficiency. The pervasive integration of
information and communications technologies (ICTs) makes cyber-physical systems
vulnerable to targeted attacks that are deceptive, persistent, adaptive and
strategic. Attack instances such as Stuxnet, Dyn, and WannaCry ransomware have
shown the insufficiency of off-the-shelf defensive methods including the
firewall and intrusion detection systems. Hence, it is essential to design
up-to-date security mechanisms that can mitigate the risks despite the
successful infiltration and the strategic response of sophisticated attackers.
In this chapter, we use game theory to model competitive interactions between
defenders and attackers. First, we use the static Bayesian game to capture the
stealthy and deceptive characteristics of the attacker. A random variable
called the \textit{type} characterizes users' essences and objectives, e.g., a
legitimate user or an attacker. The realization of the user's type is private
information due to the cyber deception. Then, we extend the one-shot
simultaneous interaction into the one-shot interaction with asymmetric
information structure, i.e., the signaling game. Finally, we investigate the
multi-stage transition under a case study of Advanced Persistent Threats (APTs)
and Tennessee Eastman (TE) process. Two-Sided incomplete information is
introduced because the defender can adopt defensive deception techniques such
as honey files and honeypots to create sufficient amount of uncertainties for
the attacker. Throughout this chapter, the analysis of the Nash equilibrium
(NE), Bayesian Nash equilibrium (BNE), and perfect Bayesian Nash equilibrium
(PBNE) enables the policy prediction of the adversary and the design of
proactive and strategic defenses to deter attackers and mitigate losses
Game Theory for Cyber Deception: A Tutorial
Deceptive and anti-deceptive technologies have been developed for various
specific applications. But there is a significant need for a general, holistic,
and quantitative framework of deception. Game theory provides an ideal set of
tools to develop such a framework of deception. In particular, game theory
captures the strategic and self-interested nature of attackers and defenders in
cybersecurity. Additionally, control theory can be used to quantify the
physical impact of attack and defense strategies. In this tutorial, we present
an overview of game-theoretic models and design mechanisms for deception and
counter-deception. The tutorial aims to provide a taxonomy of deception and
counter-deception and understand how they can be conceptualized, quantified,
and designed or mitigated. This tutorial gives an overview of diverse
methodologies from game theory that includes games of incomplete information,
dynamic games, mechanism design theory to offer a modern theoretic underpinning
of cyberdeception. The tutorial will also discuss open problems and research
challenges that the HoTSoS community can address and contribute with an
objective to build a multidisciplinary bridge between cybersecurity, economics,
game and decision theory.Comment: arXiv admin note: substantial text overlap with arXiv:1808.0806
Probing Attacks on Physical Layer Key Agreement for Automotive Controller Area Networks (Extended Version)
Efficient key management for automotive networks (CAN) is a critical element,
governing the adoption of security in the next generation of vehicles. A recent
promising approach for dynamic key agreement between groups of nodes,
Plug-and-Secure for CAN, has been demonstrated to be information theoretically
secure based on the physical properties of the CAN bus. In this paper, we
illustrate side-channel attacks, leading to nearly-complete leakage of the
secret key bits, by an adversary that is capable of probing the CAN bus. We
identify the fundamental characteristics that lead to such attacks and propose
techniques to minimize the information leakage at the hardware, controller and
system levels.Comment: Presented at ESCAR Europe 201
Security and Protocol Exploit Analysis of the 5G Specifications
The Third Generation Partnership Project (3GPP) released its first 5G
security specifications in March 2018. This paper reviews the 5G security
architecture, requirements and main processes and evaluates them in the context
of known and new protocol exploits. Although the security has been enhanced
when compared to previous generations to tackle known protocol exploits, our
analysis identifies some potentially unrealistic system assumptions that are
critical for security as well as a number protocol edge cases that could render
5G systems vulnerable to adversarial attacks. For example, null encryption and
null authentication are supported and can be used in valid system
configurations, and certain key security functions are still left outside of
the scope of the specifications. Moreover, the prevention of pre-authentcation
message exploits appears to rely on the implicit assumption of impractical
carrier and roaming agreements and the management of public keys from all
global operators. In parallel, existing threats such as International Mobile
Subscriber Identity (IMSI) catchers are prevented only if the serving network
enforces optional security features and if the UE knows the public key of the
home network operator. The comparison with 4G LTE protocol exploits reveals
that the 5G security specifications, as of Release 15, do not fully address the
user privacy and network availability concerns, where one edge case can
compromise the privacy, security and availability of 5G users and services
The Untold Secrets of Operational Wi-Fi Calling Services: Vulnerabilities, Attacks, and Countermeasures
Since 2016, all of four major U.S. operators have rolled out nationwide Wi-Fi
calling services. They are projected to surpass VoLTE (Voice over LTE) and
other VoIP services in terms of mobile IP voice usage minutes in 2018. They
enable mobile users to place cellular calls over Wi-Fi networks based on the
3GPP IMS (IP Multimedia Subsystem) technology. Compared with conventional
cellular voice solutions, the major difference lies in that their traffic
traverses untrustful Wi-Fi networks and the Internet. This exposure to insecure
networks may cause the Wi-Fi calling users to suffer from security threats. Its
security mechanisms are similar to the VoLTE, because both of them are
supported by the IMS. They include SIM-based security, 3GPP AKA (Authentication
and Key Agreement), IPSec (Internet Protocol Security), etc. However, are they
sufficient to secure Wi-Fi calling services? Unfortunately, our study yields a
negative answer. We conduct the first study of exploring security issues of the
operational Wi-Fi calling services in three major U.S. operators' networks
using commodity devices. We disclose that current Wi-Fi calling security is not
bullet-proof and uncover four vulnerabilities which stem from improper standard
designs, device implementation issues and network operation slips. By
exploiting the vulnerabilities, together with several state-of-the-art computer
visual recognition technologies, we devise two proof-of-concept attacks: user
privacy leakage and telephony harassment or denial of voice service (THDoS);
both of them can bypass the security defenses deployed on mobile devices and
the network infrastructure. We have confirmed their feasibility and simplicity
using real-world experiments, as well as assessed their potential damages and
proposed recommended solutions
Light Ears: Information Leakage via Smart Lights
Modern Internet-enabled smart lights promise energy efficiency and many
additional capabilities over traditional lamps. However, these connected lights
create a new attack surface, which can be maliciously used to violate users'
privacy and security. In this paper, we design and evaluate novel attacks that
take advantage of light emitted by modern smart bulbs in order to infer users'
private data and preferences. The first two attacks are designed to infer
users' audio and video playback by a systematic observation and analysis of the
multimedia-visualization functionality of smart light bulbs. The third attack
utilizes the infrared capabilities of such smart light bulbs to create a
covert-channel, which can be used as a gateway to exfiltrate user's private
data out of their secured home or office network. A comprehensive evaluation of
these attacks in various real-life settings confirms their feasibility and
affirms the need for new privacy protection mechanisms
CSAI: Open-Source Cellular Radio Access Network Security Analysis Instrument
This paper presents our methodology and toolbox that allows analyzing the
radio access network security of laboratory and commercial 4G and future 5G
cellular networks. We leverage a free open-source software suite that
implements the LTE UE and eNB enabling real-time signaling using software radio
peripherals. We modify the UE software processing stack to act as an LTE packet
collection and examination tool. This is possible because of the openness of
the 3GPP specifications. Hence, we are able to receive and decode LTE downlink
messages for the purpose of analyzing potential security problems of the
standard. This paper shows how to rapidly prototype LTE tools and build a
software-defined radio access network (RAN) analysis instrument for research
and education. Using CSAI, the Cellular RAN Security Analysis Instrument, a
researcher can analyze broadcast and paging messages of cellular networks. CSAI
is also able to test networks to aid in the identification of vulnerabilities
and verify functionality post-remediation. Additionally, we found that it can
crash an eNB which motivates equivalent analyses of commercial network
equipment and its robustness against denial of service attacks.Comment: 6 pages, 6 figures, Submitted to IEEE GLOBECOM 201
Control Challenges for Resilient Control Systems
In this chapter, we introduce methods to address resiliency issues for
control systems. The main challenge for control systems is its cyber-physical
system nature which strongly couples the cyber systems with physical layer
dynamics. Hence the resiliency issues for control systems need to be addressed
by integrating the cyber resiliency with the physical layer resiliency. We
introduce frameworks that can provide a holistic view of the control system
resiliency and a quantitative design paradigm that can enable an optimal
cross-layer and cross-stage design at the planning, operation, and recovery
stage of control systems. The control systems are often large-scale systems in
industrial application and critical infrastructures. Decentralized control of
such systems is indispensable. We extend the resiliency framework to address
distributed and collaborative resiliency among decentralized control agents
Dandelion++: Lightweight Cryptocurrency Networking with Formal Anonymity Guarantees
Recent work has demonstrated significant anonymity vulnerabilities in
Bitcoin's networking stack. In particular, the current mechanism for
broadcasting Bitcoin transactions allows third-party observers to link
transactions to the IP addresses that originated them. This lays the groundwork
for low-cost, large-scale deanonymization attacks. In this work, we present
Dandelion++, a first-principles defense against large-scale deanonymization
attacks with near-optimal information-theoretic guarantees. Dandelion++ builds
upon a recent proposal called Dandelion that exhibited similar goals. However,
in this paper, we highlight simplifying assumptions made in Dandelion, and show
how they can lead to serious deanonymization attacks when violated. In
contrast, Dandelion++ defends against stronger adversaries that are allowed to
disobey protocol. Dandelion++ is lightweight, scalable, and completely
interoperable with the existing Bitcoin network. We evaluate it through
experiments on Bitcoin's mainnet (i.e., the live Bitcoin network) to
demonstrate its interoperability and low broadcast latency overhead
On the Reliable Detection of Concept Drift from Streaming Unlabeled Data
Classifiers deployed in the real world operate in a dynamic environment,
where the data distribution can change over time. These changes, referred to as
concept drift, can cause the predictive performance of the classifier to drop
over time, thereby making it obsolete. To be of any real use, these classifiers
need to detect drifts and be able to adapt to them, over time. Detecting drifts
has traditionally been approached as a supervised task, with labeled data
constantly being used for validating the learned model. Although effective in
detecting drifts, these techniques are impractical, as labeling is a difficult,
costly and time consuming activity. On the other hand, unsupervised change
detection techniques are unreliable, as they produce a large number of false
alarms. The inefficacy of the unsupervised techniques stems from the exclusion
of the characteristics of the learned classifier, from the detection process.
In this paper, we propose the Margin Density Drift Detection (MD3) algorithm,
which tracks the number of samples in the uncertainty region of a classifier,
as a metric to detect drift. The MD3 algorithm is a distribution independent,
application independent, model independent, unsupervised and incremental
algorithm for reliably detecting drifts from data streams. Experimental
evaluation on 6 drift induced datasets and 4 additional datasets from the
cybersecurity domain demonstrates that the MD3 approach can reliably detect
drifts, with significantly fewer false alarms compared to unsupervised feature
based drift detectors. The reduced false alarms enables the signaling of drifts
only when they are most likely to affect classification performance. As such,
the MD3 approach leads to a detection scheme which is credible, label efficient
and general in its applicability
- …