Building an Emulation Environment for Cyber Security Analyses of Complex Networked Systems

Computer networks are undergoing a phenomenal growth, driven by the rapidly increasing number of nodes constituting the networks. At the same time, the number of security threats on Internet and intranet networks is constantly growing, and the testing and experimentation of cyber defense solutions requires the availability of separate, test environments that best emulate the complexity of a real system. Such environments support the deployment and monitoring of complex mission-driven network scenarios, thus enabling the study of cyber defense strategies under real and controllable traffic and attack scenarios. In this paper, we propose a methodology that makes use of a combination of techniques of network and security assessment, and the use of cloud technologies to build an emulation environment with adjustable degree of affinity with respect to actual reference networks or planned systems. As a byproduct, starting from a specific study case, we collected a dataset consisting of complete network traces comprising benign and malicious traffic, which is feature-rich and publicly available

Uncovering Network Perimeter Vulnerabilities in Cisco Routers According to Requirements Defined in Pci Dss 2.0

According to the Payment Card Industry (PCI), over 500 million records containing sensitive cardholder data have been breached since January 2005. Merchants accepting credit and debit cards are at the center of payment card transactions, making it crucial that standard security procedures and technologies are employed to thwart cardholder data theft. Numerous organizations have experienced embarrassing breaches, which lead to losses of credit card data, including Starbucks, California Pizza Kitchen, and TJX Companies. This paper examined an action research methodology to test the security of a network router and remediate all the vulnerabilities that caused it to fail the requirements of the Payment Card Industry Data Security Standards (PCI DSS). The basic functions of a router include packet forwarding, sharing routing information with adjacent routers, packet filtering, network address translation (NAT), and encrypting or decrypting packets. Since a router is traditionally installed at the perimeter of a network, it plays an important role in network security. By following the approach of this study, administrators should understand how employing a network vulnerability scanner to test a host can illuminate hidden security risks. This study also demonstrated how to use the results of the vulnerability scan to harden a host to ensure it complied with the Payment Card Industry\u27s (PCI DSS) requirements

Determining the effectiveness of deceptive honeynets

Over the last few years, incidents of network based intrusions have rapidly increased, due to the increase and popularity of various attack tools easily available for download from the Internet. Due to this increase in intrusions, the concept of a network defence known as Honeypots developed. These honeypots are designed to ensnare attackers and monitor their activities. Honeypots use the principles of deception such as masking, mimicry, decoying, inventing, repackaging and dazzling to deceive attackers. Deception exists in various forms. It is a tactic to survive and defeat the motives of attackers. Due to its presence in the nature, deception has been widely used during wars and now in Information Systems. This thesis considers the current state of honeypot technology as well as describes the framework of how to improve the effectiveness of honeypots through the effective use of deception. In this research, a legitimate corporate deceptive network is created using Honeyd (a type of honeypot) which is attacked and improved using empirical learning approach. The data collected during the attacking exercise were analysed, using various measures, to determine the effectiveness of the deception in the honeypot network created using honeyd. The results indicate that the attackers were deceived into believing the honeynet was a real network which instead was a deceptive network

Whether using encryption in SCADA systems, the services performance requirements are still met in OT IT environment over an MPLS core network?

A Research Project Abstract submitted in fulfillment of the requirements for Master of Science in Engineering [Electrical]: Telecommunications at the University Of The Witwatersrand, Johannesburg 07 June 2016Utilities use Supervisory Control and Data Acquisition systems as their industrial control system. The architecture of these systems in the past was based on them being isolated from other networks. Now with recent ever changing requirements of capabilities from these systems there is a need to converge with information technology systems and with the need to have these industrial networks communicating on packet switched networks there are cyber security concerns that come up. This research project looks at the whether using encryption in an IP/MPLS core network for SCADA in an OT IT environment has an effect on the performance requirements. This was done through an experimental simulation with the results recorded. The research project also looks at the key literature study considerations. The key research question for the research project of this MSc 50/50 mini-thesis is “whether using encryption in SCADA systems, the services performance requirements are still met in OT/ IT environment over an MPLS core network”? The research project seeks to determine if SCADA performance requirements are met over an encrypted MPLS/IP core network in an OT/IT environment. The key focus area of the research project is only encryption in the whole cyber security value chain versus SCADA services performances. This means that the research project only focused on the encryption portion of the whole cyber security value chain and the scope did not focus on other aspects of the value chain. This suffices for an MSc 50/50 mini-thesis research project as a focus on the whole value chain would require a full MSc thesis. Thus the primary objective for the research project is to research and demonstrate that encryption is essential for secure SCADA communication over a MPLS/IP core network. As aforementioned encryption forms an essential part of the Cyber Security value chain which has to achieve the following objectives. Confidentiality: ensuring that the information source is really from that source. Integrity: ensuring that the information has not been altered in any way. Availability: ensuring that system is not comprised but that it is available. These objectives of encryption should be met with SCADA service performance requirements not violated which is the objective of the research project.M T 201

A SGAM-based test platform to develop a scheme for wide area measurement-free monitoring of smart grids under high PV penetration

© 2019 by the authors. In order to systematically shift existing control and management paradigms in distribution systems to new interoperable communication supported schemes in smart grids, we need to map newly developed use cases to standard reference models like Smart Grid Architecture Model (SGAM). From the other side, any new use cases should be tested and validated ex-ante before being deployed in the real-world system. Considering various types of actors in smart grids, use cases are usually tested using co-simulation platforms. Currently, there is no efficient co-simulation platform which supports interoperability analysis based on SGAM. In this paper, we present our developed test platform which offers a support to design new use cases based on SGAM. We used this platform to develop a new scheme for wide area monitoring of existing distribution systems under growing penetration of Photovoltaic production. Off-the-shelf solutions of state estimation for wide area monitoring are either used for passive distribution grids or applied to the active networks with wide measurement of distributed generators. Our proposed distribution state estimation algorithm does not require wide area measurements and relies on the data provided by a PV simulator we developed. This practical scheme is tested experimentally on a realistic urban distribution grid. The monitoring results shows a very low error rate of about 1% by using our PV simulator under high penetration of PV with about 30% error of load forecast. Using our SGAM-based platform, we could propose and examine an Internet-of-Things-based infrastructure to deploy the use case

A DEFINITIVE INTEROPERABILITY TEST METHODOLOGY FOR THE MALICIOUS ACTIVITY SIMULATION TOOL (MAST)

The threat of degradation or disruption from cyber infiltration, espionage, and theft to militarily and nationally critical information and network systems poses a significant challenge to DoD and DON. To mitigate this challenge, network administrators must be trained to properly recognize and defend against malicious activity. The Malicious Activity Simulation Tool (MAST), a software program under development at NPS, mimics the behavior and impact of network-based malware in an effort to train the administrators of operational DoD networks both to respond to the threats such materials present to their networks and to assess their competence in recognizing and responding to such threats. In order for MAST to achieve its potential as an acceptable assessment and training tool, it must first be shown to present no new threat to the environment for which it was designed. This thesis develops a step-by-step testing procedure, the execution of which will demonstrate that MAST can perform at a level commensurate with current criteria for operating securely on DoD networks. Additionally, this thesis discusses the quantitative testing environment and current testing and implementation methods and criteria for new cyber hardware and software programs of record in the DoD.http://archive.org/details/adefinitiveinter1094532834Lieutenant, United States NavyApproved for public release; distribution is unlimited

The Good, the Bad, and the Actively Verified

We believe that we can use active probing for compromise recovery. Our intent is to exploit the differences in behavior between compromised and uncompromised systems and use that information to identify those which are not behaving as expected. Those differences may indicate a deviation in either con figuration or implementation from what we expect on the network, either of which suggests that the misbehaving entity might not be trustworthy. In this work, we propose and build a case for a method for using altered behavior directly resulting from or introduced as a side-effect of the compromise of a network service to detect the presence of such a compromise. We use several case studies to illustrate our technique, and demonstrate its feasibility with a software tool developed using our method

Development of an M-commerce security framework

Research shows how M-Commerce has managed to find its way to previously inaccessible parts of the world as a major Information and Communication Technologies (ICT) tool for development due to widespread introduction of mobile phones in remote areas. M-Commerce has offered valuable advantages: anytime, anywhere, more personal, more location-aware, more context-aware, more age aware, always online and instant connectivity. But this is not without its problems, of which security is high on the list. The security issues span the whole M-Commerce spectrum, from the top to the bottom layer of the OSI network protocol stack, from machines to humans. This research proposes a threat-mitigation modular framework to help address the security issues lurking in M-Commerce systems being used by marginalised rural community members. The research commences with a literature survey carried out to establish security aspects related to M-Commerce and to determine requirements for a security framework. The framework classifies M-Commerce security threat-vulnerability-risks into four levels: human behaviour and mobile device interaction security, mobile device security, M-Commerce access channel security, wireless network access security. This is followed by a review of the supporting structures or related frameworks that the proposed framework could leverage to address security issues on M-Commerce systems as ICT4D initiatives. The proposed security framework based on the requirements discovered is then presented. As a proof-of-concept, a case study was undertaken at the Siyakhula Living Lab at Dwesa in the Eastern Cape province of South Africa in order to validate the components of the proposed framework. Following the application of the framework in a case study, it can be argued that the proposed security framework allows for secure transacting by marginalised users using M-Commerce initiatives. The security framework is therefore useful in addressing the identified security requirements of M-Commerce in ICT4D contexts

Cyber-security of Cyber-Physical Systems (CPS)

This master's thesis reports on security of a Cyber-Physical System (CPS) in the department of industrial engineering at UiT campus Narvik. The CPS targets connecting distinctive robots in the laboratory in the department of industrial engineering. The ultimate objective of the department is to propose such a system for the industry. The thesis focuses on the network architecture of the CPS and the availability principle of security. This report states three research questions that are aimed to be answered. The questions are: what a secure CPS architecture for the purpose of the existing system is, how far the current state of system is from the defined secure architecture, and how to reach the proposed architecture. Among the three question, the first questions has absorbed the most attention of this project. The reason is that a secure and robust architecture would provide a touchstone that makes answering the second and third questions easier. In order to answer the questions, Cisco SAFE for IoT threat defense for manufacturing approach is chosen. The architectural approach of Cisco SAFE for IoT, with similarities to the Cisco SAFE for secure campus networks, provides a secure network architecture based on business flows/use cases and defining related security capabilities. This approach supplies examples of scenarios, business flows, and security capabilities that encouraged selecting it. It should be noted that Cisco suggests its proprietary technologies for security capabilities. According to the need of the project owners and the fact that allocating funds are not favorable for them, all the suggested security capabilities are intended to be open-source, replacing the costly Cisco-proprietary suggestions. Utilizing the approach and the computer networking fundamentals resulted in the proposed secure network architecture. The proposed architecture is used as a touchstone to evaluate the existing state of the CPS in the department of industrial engineering. Following that, the required security measures are presented to approach the system to the proposed architecture. Attempting to apply the method of Cisco SAFE, the identities using the system and their specific activities are presented as the business flow. Based on the defined business flow, the required security capabilities are selected. Finally, utilizing the provided examples of Cisco SAFE documentations, a complete network architecture is generated. The architecture consists of five zones that include the main components, security capabilities, and networking devices (such as switches and access points). Investigating the current state of the CPS and evaluating it by the proposed architecture and the computer networking fundamentals, helped identifying six important shortcomings. Developing on the noted shortcomings, and identification of open-source alternatives for the Cisco-proprietary technologies, nine security measures are proposed. The goal is to perform all the security measures. Thus, the implementations and solutions for each security measure is noted at the end of the presented results. The security measures that require purchasing a device were not considered in this project. The reasons for this decision are the time-consuming process of selecting an option among different alternatives, and the prior need for grasping the features of the network with the proposed security capabilities; features such as amount and type of traffic inside the network, and possible incidents detected using an Intrusion Detection Prevention System. The attempts to construct a secure cyber-physical system is an everlasting procedure. New threats, best practices, guidelines, and standards are introduced on a daily basis. Moreover, business needs could vary from time to time. Therefore, the selected security life-cycle is required and encouraged to be used in order to supply a robust lasting cyber-physical system