11,191 research outputs found
Hidden and Uncontrolled - On the Emergence of Network Steganographic Threats
Network steganography is the art of hiding secret information within innocent
network transmissions. Recent findings indicate that novel malware is
increasingly using network steganography. Similarly, other malicious activities
can profit from network steganography, such as data leakage or the exchange of
pedophile data. This paper provides an introduction to network steganography
and highlights its potential application for harmful purposes. We discuss the
issues related to countering network steganography in practice and provide an
outlook on further research directions and problems.Comment: 11 page
Integrated survey for the reconstruction of the Papal Basilica and the Sacred Convent of St. Francis in Assisi, Italy
The Papal Basilica and the Sacred Convent of Saint Francis in Assisi in Italy are characterized by unique and composite particularities that need an exhaustive knowledge of the sites themselves to guarantee visitor's security and safety, considering all the people and personnel normally present in the site, visitors with disabilities and finally the needs for cultural heritage preservation and protection. This aim can be reached using integrated systems and innovative technologies, such as Internet of Everything (IoE), which can connect people, things (smart sensors, devices and actuators; mobile terminals; wearable devices; etc.), data/information/knowledge and processes to reach the wanted objectives. The IoE system must implement and support an Integrated Multidisciplinary Model for Security and Safety Management (IMMSSM) for the specific context, using a multidisciplinary approach. The purpose of the paper is to illustrate the integrated survey for the reconstruction of the considered site that was necessary to obtain all the necessary information to start to set up the considered IMMSSM and the related IoE based technological system
A semantic approach to reachability matrix computation
The Cyber Security is a crucial aspect of networks management. The Reachability Matrix computation is one of the main challenge in this field. This paper presents an intelligent solution in order to address the Reachability Matrix computational proble
Security risk assessment and protection in the chemical and process industry
This article describes a security risk assessment and protection methodology that was developed for use in the chemical- and process industry in Belgium. The approach of the method follows a risk-based approach that follows desing principles for chemical safety. That approach is beneficial for workers in the chemical industry because they recognize the steps in this model from familiar safety models .The model combines the rings-of-protection approach with generic security practices including: management and procedures, security technology (e.g. CCTV, fences, and access control), and human interactions (pro-active as well as re-active). The method is illustrated in a case-study where a practical protection plan was developed for an existing chemical company. This chapter demonstrates that the method is useful for similar chemical- and process industrial activities far beyond the Belgian borders, as well as for cross-industrial security protection. This chapter offers an insight into how the chemical sector protects itself on the one hand, and an insight into how security risk management can be practiced on the other hand
xLED: Covert Data Exfiltration from Air-Gapped Networks via Router LEDs
In this paper we show how attackers can covertly leak data (e.g., encryption
keys, passwords and files) from highly secure or air-gapped networks via the
row of status LEDs that exists in networking equipment such as LAN switches and
routers. Although it is known that some network equipment emanates optical
signals correlated with the information being processed by the device
('side-channel'), intentionally controlling the status LEDs to carry any type
of data ('covert-channel') has never studied before. A malicious code is
executed on the LAN switch or router, allowing full control of the status LEDs.
Sensitive data can be encoded and modulated over the blinking of the LEDs. The
generated signals can then be recorded by various types of remote cameras and
optical sensors. We provide the technical background on the internal
architecture of switches and routers (at both the hardware and software level)
which enables this type of attack. We also present amplitude and frequency
based modulation and encoding schemas, along with a simple transmission
protocol. We implement a prototype of an exfiltration malware and discuss its
design and implementation. We evaluate this method with a few routers and
different types of LEDs. In addition, we tested various receivers including
remote cameras, security cameras, smartphone cameras, and optical sensors, and
also discuss different detection and prevention countermeasures. Our experiment
shows that sensitive data can be covertly leaked via the status LEDs of
switches and routers at a bit rates of 10 bit/sec to more than 1Kbit/sec per
LED
- …