Memory Access Monitoring and Disguising of Process Information to Avoid Attacks to Essential Services

To prevent attacks on essential software and to mitigate damage, an attack avoiding method that complicates process identification from attackers is proposed. This method complicates the identification of essential services by replacing process information with dummy information. However, this method allows attackers to identify essential processes by detecting changes in process information. To address this problems and provide more complexity to process identification, this paper proposes a memory access monitoring by using a virtual machine monitor. By manipulating the page access permission, a virtual machine monitor detects page access, which includes process information, and replaces it with dummy information. This paper presents the design, implementation, and evaluation of the proposed method

Command & Control: Understanding, Denying and Detecting - A review of malware C2 techniques, detection and defences

In this survey, we first briefly review the current state of cyber attacks, highlighting significant recent changes in how and why such attacks are performed. We then investigate the mechanics of malware command and control (C2) establishment: we provide a comprehensive review of the techniques used by attackers to set up such a channel and to hide its presence from the attacked parties and the security tools they use. We then switch to the defensive side of the problem, and review approaches that have been proposed for the detection and disruption of C2 channels. We also map such techniques to widely-adopted security controls, emphasizing gaps or limitations (and success stories) in current best practices.Comment: Work commissioned by CPNI, available at c2report.org. 38 pages. Listing abstract compressed from version appearing in repor

Preventing and handling phishing attacks

Phishing (also known as carding and spoofing) is the act of attempting to fraudulently acquire sensitive information, such as passwords and credit card details, by masquerading as a trustworthy person or business with a real need for such information in a seemingly official electronic notification or message (most often an email, or an instant message (IM)). It is a form of social engineering attack. Customers of banks throughout the world have been victims of phishing. This paper covers the technologies and security flaws phishers exploit to conduct their attacks, and provides advice on security measures that can be employed by financial service providers such as Banks in order to prevent and handle phishing attacks. The customers’ perspective is also considered.VI Workshop de Procesamiento Distribuido y Paralelo (WPDP)Red de Universidades con Carreras en Informática (RedUNCI

A Survey on Wireless Sensor Network Security

Wireless sensor networks (WSNs) have recently attracted a lot of interest in the research community due their wide range of applications. Due to distributed nature of these networks and their deployment in remote areas, these networks are vulnerable to numerous security threats that can adversely affect their proper functioning. This problem is more critical if the network is deployed for some mission-critical applications such as in a tactical battlefield. Random failure of nodes is also very likely in real-life deployment scenarios. Due to resource constraints in the sensor nodes, traditional security mechanisms with large overhead of computation and communication are infeasible in WSNs. Security in sensor networks is, therefore, a particularly challenging task. This paper discusses the current state of the art in security mechanisms for WSNs. Various types of attacks are discussed and their countermeasures presented. A brief discussion on the future direction of research in WSN security is also included.Comment: 24 pages, 4 figures, 2 table

Vulnerability Assessment and Privacy-preserving Computations in Smart Grid

Modern advances in sensor, computing, and communication technologies enable various smart grid applications which highlight the vulnerability that requires novel approaches to the field of cybersecurity. While substantial numbers of technologies have been adopted to protect cyber attacks in smart grid, there lacks a comprehensive review of the implementations, impacts, and solutions of cyber attacks specific to the smart grid.In this dissertation, we are motivated to evaluate the security requirements for the smart grid which include three main properties: confidentiality, integrity, and availability. First, we review the cyber-physical security of the synchrophasor network, which highlights all three aspects of security issues. Taking the synchrophasor network as an example, we give an overview of how to attack a smart grid network. We test three types of attacks and show the impact of each attack consisting of denial-of-service attack, sniffing attack, and false data injection attack.Next, we discuss how to protect against each attack. For protecting availability, we examine possible defense strategies for the associated vulnerabilities.For protecting data integrity, a small-scale prototype of secure synchrophasor network is presented with different cryptosystems. Besides, a deep learning based time-series anomaly detector is proposed to detect injected measurement. Our approach observes both data measurements and network traffic features to jointly learn system states and can detect attacks when state vector estimator fails.For protecting data confidentiality, we propose privacy-preserving algorithms for two important smart grid applications. 1) A distributed privacy-preserving quadratic optimization algorithm to solve Security Constrained Optimal Power Flow (SCOPF) problem. The SCOPF problem is decomposed into small subproblems using the Alternating Direction Method of Multipliers (ADMM) and gradient projection algorithms. 2) We use Paillier cryptosystem to secure the computation of the power system dynamic simulation. The IEEE 3-Machine 9-Bus System is used to implement and demonstrate the proposed scheme. The security and performance analysis of our implementations demonstrate that our algorithms can prevent chosen-ciphertext attacks at a reasonable cost

Identifying the Strengths and Weaknesses of Over-the-Shoulder Attack Resistant Prototypical Graphical Authentication Schemes

Authentication verifies users’ identities to protect against costly attacks. Graphical authentication schemes utilize pictures as passcodes rather than strings of characters. Pictures have been found to be more memorable than the strings of characters used in alphanumeric passwords. However, graphical passcodes have been criticized for being susceptible to Over-the-Shoulder Attacks (OSA). To overcome this concern, many graphical schemes have been designed to be resistant to OSA. Security to this type of attack is accomplished by grouping targets among distractors, translating the selection of targets elsewhere, disguising targets, and using gaze-based input. Prototypical examples of graphical schemes that use these strategies to bolster security against OSAs were directly compared in within-subjects runoffs in studies 1 and 2. The first aim of this research was to discover the current usability limitations of graphical schemes. The data suggested that error rates are a common issue among graphical passcodes attempting to resist OSAs. Studies 3 and 4 investigated the memorability of graphical passcodes when users need to remember multiple passcodes or longer passcodes. Longer passcodes provide advantages to security by protecting against brute force attacks, and multiple passcodes need to be investigated as users need to authenticate for numerous accounts. It was found that participants have strong item retention for passcodes of up to eight images and for up to eight accounts. Also these studies leveraged context to facilitate memorability. Context slightly improved the memorability of graphical passcodes when participants needed to remember credentials for eight accounts. These studies take steps toward understanding the readiness of graphical schemes as an authentication option

Cyber-risks in the Industrial Internet of Things (IIoT): towards a method for continuous assessment.

Continuous risk monitoring is considered in the context of cybersecurity management for the Industrial Internet-of-Thing. Cyber risk management best practice is for security controls to be deployed and configured in order to bring down risk exposure to an acceptable level. However, threats and known vulnerabilities are subject to change, and estimates of risk are subject to many uncertainties, so it is important to review risk assessments and update controls when required. Risks are typically reviewed periodically (e.g. once per month), but the accelerating pace of change means that this approach is not sustainable, and there is a requirement for continuous monitoring of cybersecurity risks. The method described in this paper aims to alert security staff of significant changes or trends in estimated risk exposure to facilitate rational and timely decisions. Additionally, it helps predict the success and impact of a nascent security breach allowing better prioritisation of threats and selection of appropriate responses. The method is illustrated using a scenario based on environmental control in a data centre

Attacks on the Android Platform

The focus of this research revolves around Android platform security, specifically Android malware attacks and defensive techniques. Android is a mobile operating system developed by Google, based on the Linux kernel and designed primarily for touchscreen mobile devices such as smartphones and tablets. With the rise of device mobility in our data-driven world, Android constitutes most of the operating systems on these mobile devices playing a dominant role in today’s world. Hence, this paper analyzes attacks and the various defensive mechanisms that have been proposed to prevent those attacks

Preventing and handling phishing attacks

Phishing (also known as carding and spoofing) is the act of attempting to fraudulently acquire sensitive information, such as passwords and credit card details, by masquerading as a trustworthy person or business with a real need for such information in a seemingly official electronic notification or message (most often an email, or an instant message (IM)). It is a form of social engineering attack. Customers of banks throughout the world have been victims of phishing. This paper covers the technologies and security flaws phishers exploit to conduct their attacks, and provides advice on security measures that can be employed by financial service providers such as Banks in order to prevent and handle phishing attacks. The customers’ perspective is also considered.VI Workshop de Procesamiento Distribuido y Paralelo (WPDP)Red de Universidades con Carreras en Informática (RedUNCI