Do not trust me: Using malicious IdPs for analyzing and attacking Single Sign-On
Single Sign-On (SSO) systems simplify login procedures by using an Identity Provider (IdP) to issue authentication tokens which can be consumed by Service Providers (SPs). Traditionally, IdPs are modeled as trusted third parties. This is reasonable for SSO systems like Kerberos, MS Passport and SAML, where each SP explicitly specifies which IdP it trusts. However, in open systems like OpenID and OpenID Connect, each user may set up his own IdP, and a discovery phase is added to the protocol flow. Thus it is easy for an attacker to set up its own IdP. In this paper we use a novel approach for analyzing SSO authentication schemes by introducing a malicious IdP. With this approach we evaluate one of the most popular and widely deployed SSO protocols - OpenID. We found four novel attack classes on OpenID, which were not covered by previous research, and show their applicability to real-life implementations. As a result, we were able to compromise 11 out of 16 existing OpenID implementations like Sourceforge, Drupal and ownCloud. We automated discovery of these attacks in an open source tool, OpenID Attacker, which additionally allows fine-granular testing of all parameters in OpenID implementations. Our research helps to better understand the message flow in the OpenID protocol, trust assumptions in the different components of the system, and implementation issues in OpenID components. It is applicable to other SSO systems like OpenID Connect and SAML. All OpenID implementations have been informed about their vulnerabilities and we supported them in fixing the issues.
IMPROVING SMART GRID SECURITY USING MERKLE TREES
Abstract—Presently nations worldwide are starting to convert their aging electrical power infrastructures into modern, dynamic power grids. Smart Grid offers much in the way of efficiencies and robustness to the electrical power grid; however, its heavy reliance on communication networks will leave it more vulnerable to attack than present-day grids. This paper looks at the threat to public key cryptography systems from a fully realized quantum computer and how this could impact the Smart Grid. We argue for the use of Merkle Trees in place of public key cryptography for authentication of devices in wireless mesh networks that are used in Smart Grid applications.
Cybersecurity analysis of a SCADA system under current standards, client requisites, and penetration testing
Supervisory Control and Data Acquisition (SCADA) systems are essential for monitoring and controlling a country's Critical Infrastructures (CI) such as electrical power grids, gas, water supply, and transportation services. These systems used to be mostly isolated and secure, but this is no longer true due to the use of wider and interconnected communication networks to reap benefits such as scalability, reliability, usability, and integration. This architectural change, together with the critical importance of these systems, made them desirable cyber-attack targets. Just as in other Information Technology (IT) systems, standards and best practices have been developed to provide guidance for SCADA developers to increase the security of their systems against cyber-attacks. With the assistance of EFACEC, this work provides an analysis of a SCADA system under current standards, client requisites, and testing of vulnerabilities in an actual prototype system. Our aim is to provide guidance by example on how to evaluate and improve the security of SCADA systems, using a basic prototype of EFACEC's ScateX# SCADA system, following both a theoretical and practical approach. For the theoretical approach, a list of the most commonly adopted ICS (Industrial Control Systems) and IT standards is compiled, and then sets of a generic client's cybersecurity requisites are analyzed and confronted with the prototype's specifications. A study of the system's architecture is also performed to identify vulnerabilities and non-compliances with both the client's requisites and the standards and, for the identified vulnerabilities, corrective and mitigation measures are suggested. For the practical approach, a threat model was developed to help identify desirable assets on SCADA systems and possible attack vectors that could allow access to such assets. Penetration tests were performed on the prototype in order to validate the attack vectors, to evaluate compliance, and to provide evidence of the effectiveness of the corrective measures.
Evil-twin framework: a Wi-Fi intrusion testing framework for pentesters
In today's world there is no scarcity of Wi-Fi hotspots. Although users are always recommended to join protected networks to ensure they are secure, this is by far not their only concern. The convenience of easily connecting to a Wi-Fi hotspot has left security holes wide open for attackers to abuse. This stresses the concern about the lack of security on the client side of Wi-Fi capable technologies.
Wi-Fi communications security has been a concern since it was first deployed. On one hand, protocols like WPA2 have greatly increased the security of the communications between clients and access points, but how can one know if the access point is legitimate in the first place?
Nowadays, with the help of open-source software and the great amount of free information, it is easily possible for a malicious actor to create a Wi-Fi network with the purpose of attracting Wi-Fi users and tricking them into connecting to an illegitimate Wi-Fi access point. The risk of this vulnerability becomes clear when studying client-side behaviour in Wi-Fi communications, where clients actively seek out access points in order to connect to them automatically. In many situations they do this even if there is no way of verifying the legitimacy of the access point they are connecting to.
Attacks on the Wi-Fi client side have been known for over a decade, but there still aren't any effective ways to properly protect users from falling victim to these.
Based on the presented issues there is a clear need for both securing the Wi-Fi client-side communications and raising awareness among everyday users of Wi-Fi technologies about the risks they are constantly facing when using them.
The main contribution from this project will be a Wi-Fi vulnerability analysis and exploitation framework. The framework will focus on client-side vulnerabilities but also on extensibility for any type of Wi-Fi attack. The tool is intended to be used by auditors (penetration testers - pentesters) when performing intrusion tests on Wi-Fi networks. It also serves as a proof-of-concept tool meant to teach and raise awareness about the risks involved when using Wi-Fi technologies.
Currently there are countless Wi-Fi access points. Although users are always advised to use protected networks, this is not the only concern they should have. The convenience of easily connecting to an access point has left large security gaps open for attackers to exploit. This heightens the concern about the lack of client-side security in Wi-Fi technologies. Security in Wi-Fi communications has been a concern since the days when this technology was first launched. On the one hand, protocols such as WPA2 have considerably increased the security of Wi-Fi communications between access points and their clients, but how can one know, in the first place, whether the access point is legitimate? Nowadays, with the help of open-source software and the vast amount of free information, it is easy for an attacker to create a fake Wi-Fi network with the aim of attracting clients. The risk of this vulnerability becomes obvious when studying the behaviour of the Wi-Fi client side. The client actively searches for known networks in order to connect to them automatically. In many cases clients connect without user interaction even in situations where the legitimacy of the access point cannot be verified. Attacks on the client side of Wi-Fi technologies were discovered more than a decade ago, yet there are still no effective ways of protecting clients from this type of attack.
Based on the problems presented, there is a clear need to protect the client side of Wi-Fi communications and at the same time raise awareness among and educate users of Wi-Fi technologies about the dangers arising from the use of these technologies. The most relevant contribution of this project will be the publication of a tool for vulnerability analysis and attacks on Wi-Fi communications. The tool will focus on attacks against the client but will allow its functionality to be extended so as to enable the implementation of any type of attack over Wi-Fi. The tool is meant to be used by security auditors during Wi-Fi intrusion tests. It also aims to be an educational and proof-of-concept tool in order to raise awareness among users of Wi-Fi technologies about the risks and security flaws of these technologies.
SHARKS: Smart Hacking Approaches for RisK Scanning in Internet-of-Things and Cyber-Physical Systems based on Machine Learning
Cyber-physical systems (CPS) and Internet-of-Things (IoT) devices are
increasingly being deployed across multiple functionalities, ranging from
healthcare devices and wearables to critical infrastructures, e.g., nuclear
power plants, autonomous vehicles, smart cities, and smart homes. These devices
are inherently not secure across their comprehensive software, hardware, and
network stacks, thus presenting a large attack surface that can be exploited by
hackers. In this article, we present an innovative technique for detecting
unknown system vulnerabilities, managing these vulnerabilities, and improving
incident response when such vulnerabilities are exploited. The novelty of this
approach lies in extracting intelligence from known real-world CPS/IoT attacks,
representing them in the form of regular expressions, and employing machine
learning (ML) techniques on this ensemble of regular expressions to generate
new attack vectors and security vulnerabilities. Our results show that 10 new
attack vectors and 122 new vulnerability exploits can be successfully generated
that have the potential to exploit a CPS or an IoT ecosystem. The ML
methodology achieves an accuracy of 97.4% and enables us to predict these
attacks efficiently with an 87.2% reduction in the search space. We demonstrate
the application of our method to the hacking of the in-vehicle network of a
connected car. To defend against the known attacks and possible novel exploits,
we discuss a defense-in-depth mechanism for various classes of attacks and the
classification of data targeted by such attacks. This defense mechanism
optimizes the cost of security measures based on the sensitivity of the
protected resource, thus incentivizing its adoption in real-world CPS/IoT by
cybersecurity practitioners.
Comment: This article has been accepted in IEEE Transactions on Emerging Topics in Computing. 17 pages, 12 figures, IEEE copyright.
Analysis of security impact of making mShield an IPv4 to IPv6 converter box
A Study of Wireless Network Security
I intend to conduct a survey of wireless data security, since wireless networks are very common, both for organizations and individuals. Many laptop computers have wireless cards pre-installed. The ability to enter a wireless network has great benefits. However, wireless networking has many security issues. Hackers have found wireless networks relatively easy to break into, and even use wireless technology to crack into wired networks. As a result, it's very important that enterprises define effective wireless security policies that guard against unauthorized access to important resources.
My survey research may involve the following aspects: wireless network architecture, data security in wireless networks, secure data storage in wireless networks and so forth.
Security Frameworks for Machine-to-Machine Devices and Networks
Attacks against mobile systems have escalated over the past decade. There have been increases in fraud, platform attacks, and malware. The Internet of Things (IoT) offers a new attack vector for cybercriminals. M2M contributes to the growing number of devices that use wireless systems for Internet connection. As new applications and platforms are created, old vulnerabilities are transferred to next-generation systems. There is a research gap between the current approaches for security framework development and the understanding of how these new technologies are different and how they are similar. This gap exists because system designers, security architects, and users are not fully aware of security risks and how next-generation devices can jeopardize safety and personal privacy. Current techniques for developing security requirements do not adequately consider the use of new technologies, and this weakens countermeasure implementations. These techniques rely on security frameworks for requirements development. These frameworks lack a method for identifying next-generation security concerns and processes for comparing, contrasting and evaluating non-human device security protections. This research presents a solution for this problem by offering a novel security framework that is focused on the study of the "functions and capabilities" of M2M devices and improves the systems development life cycle for the overall IoT ecosystem.