6,817 research outputs found

    Optimizing Internet Scanning for Assessing Industrial Systems Exposure

    Industrial systems are composed of multiple components whose security has not been addressed for a while. Even if recent propositions target to improve it, they are still often exposed to vulnerabilities, since their components are hard to update or replace. In parallel, they tend to be more and more exposed in the public Internet for convenience. Although awareness of such a problem has been raised, there is no precise evaluation of such a risk. In this paper, we define a methodology to measure the exposure of industrial systems through Internet. In particular, a carefully designed scanning approach, named WiScan, is proposed with a low footprint due to the high sensitivity and low resources of targeted systems. It has been applied on the entire IPv4 address space, by targeting specific SCADA ports

    Improving the National Cyber-security by Finding Vulnerable Industrial Control Systems from the Internet

    Industrial automation systems, which are used in, among other things, power generation, electricity distribution and wastewater treatment systems, can be found on the public Internet. The need for remote management and centralization, together with poor product design and mistakes in system deployment, has exposed automation systems to anyone's reach. Securing systems that belong to the critical infrastructure important to society matters for national cyber-security: problems in critical infrastructure can cause severe disruption across society. In recent years a growing number of cyber-attacks has been observed. Both criminals and state actors are developing cyber weapons, and attacks have also been directed at industrial automation systems. In 2010 the Stuxnet malware succeeded in penetrating the systems of an Iranian nuclear fuel enrichment plant and causing extensive physical destruction. This thesis presents a concept for automatically finding vulnerable industrial automation systems and reporting the findings to the authorities for further action. The thesis also presents a prototype with which the viability of the concept was tested on real Finnish systems over the Internet: using a fingerprint database and port scanning, 91 possible industrial automation devices were found among 2913 IP addresses. Suspected industrial automation systems can be found on the Internet, but assessing the criticality and importance of the found systems without intruding into the target is difficult. The concept would be made considerably more effective by automated security auditing, with which the most important and most vulnerable targets could be located and removed from view quickly. Auditing without the permission of the system owners would, however, require changes to legislation.
    Industrial control systems (ICS), which are used to control critical elements of the society's maintenance such as power generation and electricity distribution, are exposed to the Internet as a result of insecure design and installation faults. Securing critical industrial systems is important for national cyber-security; malfunctioning elements in the critical infrastructure can quickly cascade into a wide range of problems in the society. In recent years an increasing number of cyber-attacks has been observed, and nations and criminals are developing offensive cyber-capabilities; industrial systems are also targeted, as was seen with the Stuxnet malware in 2010 causing havoc in an Iranian uranium enrichment facility. In this thesis a concept is presented to automatically find and evaluate exposed ICSs and report vulnerable devices to authorities for remediation. A prototype of the concept is built to prove the viability of the concept and to get data from port scanning real ICS devices in the Internet. With the prototype, 91 ICS devices were found out of the assigned 2913 IP addresses. Traffic volume produced by the scanner was insignificant compared to overall Finnish Internet traffic. The concept, called KATSE, is viable but not without challenges: ICS devices can definitely be identified from the Internet but analyzing the actual importance and purpose of the devices is difficult. Currently the Finnish legislation does not allow system intrusions or unauthorized security auditing even by authorities. Automated security auditing for the found devices would be useful to find the most vulnerable devices first but such auditing would require a change in legislation

    Impact of the Shodan Computer Search Engine on Internet-facing Industrial Control System Devices

    The Shodan computer search engine crawls the Internet attempting to identify any connected device. Using Shodan, researchers identified thousands of Internet-facing devices associated with industrial controls systems (ICS). This research examines the impact of Shodan on ICS security, evaluating Shodan's ability to identify Internet-connected ICS devices and assess if targeted attacks occur as a result of Shodan identification. In addition, this research evaluates the ability to limit device exposure to Shodan through service banner manipulation. Shodan's impact was evaluated by deploying four high-interaction, unsolicited honeypots over a 55 day period, each configured to represent Allen-Bradley programmable logic controllers (PLC). All four honeypots were successfully indexed and identifiable via the Shodan web interface in less than 19 days. Despite being indexed, there was no increased network activity or targeted ICS attacks. Although results indicate Shodan is an effective reconnaissance tool, results contrast claims of its use to broadly identify and target Internet-facing ICS devices. Additionally, the service banner for two PLCs were modified to evaluate the impact on Shodan indexing capabilities. Findings demonstrated service banner manipulation successfully limited device exposure from Shodan queries

    Identification and Classification of Industrial Control Systems in IP Networks (Teollisuusautomaatiojärjestelmien tunnistus ja luokittelu IP-verkoissa)

    Industrial Control Systems (ICS) are an essential part of the critical infrastructure of society and becoming increasingly vulnerable to cyber attacks performed over computer networks. The introduction of remote access connections combined with mistakes in automation system configurations expose ICSs to attacks coming from public Internet. Insufficient IT security policies and weaknesses in security features of automation systems increase the risk of a successful cyber attack considerably. In recent years the amount of observed cyber attacks has been on constant rise, signaling the need of new methods for finding and protecting vulnerable automation systems. So far, search engines for Internet connected devices, such as Shodan, have been a great asset in mapping the scale of the problem. In this thesis, methods are presented to identify and classify industrial control systems over IP based networking protocols. A great portion of protocols used in automation networks contain specific diagnostic requests for pulling identification information from a device. Port scanning methods combined with more elaborate service scan probes can be used to extract identifying data fields from an automation device. Also, a model for automated finding and reporting of vulnerable ICS devices is presented. A prototype software was created and tested with real ICS devices to demonstrate the viability of the model. The target set was gathered from Finnish devices directly connected to the public Internet. Initial results were promising as devices or systems were identified at 99% success ratio. A specially crafted identification ruleset and detection database was compiled to work with the prototype. However, a more comprehensive detection library of ICS device types is needed before the prototype is ready to be used in different environments. Also, other features which help to further assess the device purpose and system criticality would be some key improvements for the future versions of the prototype.
    Industrial automation systems that belong to society's critical infrastructure are increasingly exposed to cyber-attacks carried out over data networks. The spread of remote management connections and errors in system configurations make attacks possible even directly from the Internet. Deficient security practices and the weak protections of industrial automation systems considerably increase the risk of a successful cyber-attack. In recent years the number of cyber-attacks worldwide has been growing continuously, and there is therefore a need for new methods for finding and protecting vulnerable systems. Search engines for Internet-connected devices, such as Shodan, have been a great help in mapping the scale of the problem. This thesis presents methods for identifying and classifying industrial automation systems using IP-based communication protocols. A large share of the protocols used in automation networks include specific diagnostic calls for determining a device's identification information. With port scanning and more detailed service-specific scanning, uniquely identifying information can be obtained from a device. The thesis also presents a model for automatically finding and reporting vulnerable industrial automation systems. In support of the model, a software prototype is presented, with which the viability of the model was tested using as the test set real industrial automation devices found in Finland and connected to the public Internet. The prototype's initial results were promising: devices or systems could be given some identifier in 99% of cases, using in classification the identification library created for the prototype. More general use of the software, however, requires building a more comprehensive identification library of automation devices and further development of the prototype: more effective identification requires a more detailed analysis of the operating environment and criticality of automation systems

    Energy-Sustainable IoT Connectivity: Vision, Technological Enablers, Challenges, and Future Directions

    Technology solutions must effectively balance economic growth, social equity, and environmental integrity to achieve a sustainable society. Notably, although the Internet of Things (IoT) paradigm constitutes a key sustainability enabler, critical issues such as the increasing maintenance operations, energy consumption, and manufacturing/disposal of IoT devices have long-term negative economic, societal, and environmental impacts and must be efficiently addressed. This calls for self-sustainable IoT ecosystems requiring minimal external resources and intervention, effectively utilizing renewable energy sources, and recycling materials whenever possible, thus encompassing energy sustainability. In this work, we focus on energy-sustainable IoT during the operation phase, although our discussions sometimes extend to other sustainability aspects and IoT lifecycle phases. Specifically, we provide a fresh look at energy-sustainable IoT and identify energy provision, transfer, and energy efficiency as the three main energy-related processes whose harmonious coexistence pushes toward realizing self-sustainable IoT systems. Their main related technologies, recent advances, challenges, and research directions are also discussed. Moreover, we overview relevant performance metrics to assess the energy-sustainability potential of a certain technique, technology, device, or network and list some target values for the next generation of wireless systems. Overall, this paper offers insights that are valuable for advancing sustainability goals for present and future generations. Comment: 25 figures, 12 tables, submitted to IEEE Open Journal of the Communications Societ

    Use Case Based Blended Teaching of IIoT Cybersecurity in the Industry 4.0 Era

    [Abstract] Industry 4.0 and Industrial Internet of Things (IIoT) are paradigms that are driving current industrial revolution by connecting to the Internet industrial machinery, management tools or products so as to control and gather data about them. The problem is that many IIoT/Industry 4.0 devices have been connected to the Internet without considering the implementation of proper security measures, thus existing many examples of misconfigured or weakly protected devices. Securing such systems requires very specific skills, which, unfortunately, are not taught extensively in engineering schools. This article details how Industry 4.0 and IIoT cybersecurity can be learned through practical use cases, making use of a methodology that allows for carrying out audits to students that have no previous experience in IIoT or industrial cybersecurity. The described teaching approach is blended and has been imparted at the University of A Coruña (Spain) during the last years, even during the first semester of 2020, when the university was closed due to the COVID-19 pandemic lockdown. Such an approach is supported by online tools like Shodan, which ease the detection of vulnerable IIoT devices. The feedback results provided by the students show that they consider useful the proposed methodology, which allowed them to find that 13% of the IIoT/Industry 4.0 systems they analyzed could be accessed really easily. In addition, the obtained teaching results indicate that the established course learning outcomes are accomplished. Therefore, this article provides useful guidelines for teaching industrial cybersecurity and thus train the next generation of security researchers and developers. This work has been funded by the Xunta de Galicia (ED431G 2019/01), the Agencia Estatal de Investigación of Spain (TEC2016-75067-C4-1-R, RED2018-102668-T, PID2019-104958RB-C42) and ERDF funds of the EU (AEI/FEDER, UE). Xunta de Galicia; ED431G 2019/0

    Release characteristics of selected carbon nanotube polymer composites

    Multi-walled carbon nanotubes (MWCNTs) are commonly used in polymer formulations to improve strength, conductivity, and other attributes. A developing concern is the potential for carbon nanotube polymer nanocomposites to release nanoparticles into the environment as the polymer matrix degrades or is mechanically stressed. Here, we review characteristics related to release potential of five sets of polymer systems: epoxy, polyamide, polyurethane, polyethylene, and polycarbonate. Our review includes consideration of general characteristics and use of the polymer (as related to potential MWCNT release) and its MWCNT composites; general potential for nanomaterial release (particularly MWCNTs) due to degradation and mechanical stresses during use; and potential effects of stabilizers and plasticizers on polymer degradation. We examine UV degradation, temperature extremes, acid-base catalysis, and stresses such as sanding. Based on a high-level summary of the characteristics considered, the potential for release of MWCNT with typical, intended consumer use is expected to be low. © 2013 Elsevier Ltd. All rights reserved

    Optimisation of surface coverage paths used by a non-contact robot painting system

    This thesis proposes an efficient path planning technique for a non-contact optical “painting” system that produces surface images by moving a robot mounted laser across objects covered in photographic emulsion. In comparison to traditional 3D planning approaches (e.g. laminar slicing) the proposed algorithm dramatically reduces the overall path length by optimizing (i.e. minimizing) the amounts of movement between robot configurations required to position and orientate the laser. To do this the pixels of the image (i.e. points on the surface of the object) are sequenced using configuration space rather than Cartesian space. This technique extracts data from a CAD model and then calculates the configuration that the five degrees of freedom system needs to assume to expose individual pixels on the surface. The system then uses a closest point analysis on all the major joints to sequence the points and create an efficient path plan for the component. The implementation and testing of the algorithm demonstrates that sequencing points using a configuration based method tends to produce significantly shorter paths than other approaches to the sequencing problem. The path planner was tested with components ranging from simple to complex and the paths generated demonstrated both the versatility and feasibility of the approach

    Electrospun fiber based colorimetric probes for aspartate aminotransferase and 17β-estradiol

    Fabrication, characterization and application of electrospun polymer composite based colorimetric probes are presented in this thesis. The first part of the thesis involved the development of a protocol for in situ reduction of gold trication (Au³⁺) into metallic gold atoms with sodium borohydride. The prepared PS-Au NPs showed an SPR band at 542 nm. Furthermore the absorbance of the colloidal Au NPs in polystyrene exhibited a good linear correlation (r² = 0.9934) to E2 concentration in the range 5 to 50 ppb. The lowest naked eye detection limit was found to be 0.5 ppb and could further be easily monitored by UV-vis spectrophotometer. Upon interaction with E2 Au NPs aggregated to give nanoparticle clusters, confirmed through TEM analysis. Different concentrations of Au NPs were found to have a significant effect on the conductivity of the PS-Au NPs solution. At low concentrations of Au NPs (0.002, 0.015 and 0.025% w/v) PS-Au NPs solution could be electrospun without clogging. The FE-SEM images showed a non-beaded morphology of PS-Au NPs composite fibers. Upon interaction of the colorimetric probe strips with various E2 concentrations it was observed that with increasing E2 concentrations (50 ng/ml to 1000 µg/ml) the colour of the probe changed gradually from white to shades of pink and eventually to shades of blue at higher E2 concentrations. The visible cut-off concentration was 100 ng/ml. The second component of the thesis focussed on the development of diazonium dye-nylon 6 colorimetric probe for aspartate aminotransferase. At optimal pH 7.4 the enzyme was stable, highly active and catalyzed a reaction that was susceptible to detailed kinetic analysis by continuous optical methods. The KM values for L-aspartate, α-ketoglutarate and oxaloacetate were 2.60, 0.59 and 0.066 mM, respectively. On the basis of these KM values the solid-state colorimetric probe was developed. A colour change occurred when electrospun dye-N 6 probes were exposed to visibly detectable concentrations of oxaloacetate, an AST-catalyzed reaction product. While monitoring AST activity at 530 nm, a linear relation was obtained between oxaloacetate concentrations ranging from 0.4 - 7.4 µg/ml. Naked eye detection limit of 2.4 µg/ml oxaloacetate equivalence of 10 times the normal AST activity was attained. The colorimetric probe was in addition, tested against co-substrates aspartate, ketoglutarate and a variety of other compounds such as alanine, pyruvate, as well as glutamic, malaic and succinic acids known to interfere with AST activity. Each compound elicited a distinct and unambiguous colour change upon interaction with the colorimetric probe. Further X-ray powder diffraction (XRD), duNouy ring tensiometer, Brunauer-Emmett-Teller (BET) and energy dispersive X-ray spectroscopy (EDS/EDX) characterization confirmed composition and stability of the colorimetric probes. Colorimetric probes developed in this thesis are relatively cost effective, simple and "rugged" for measurement of analytes with visual detection without sample pretreatment in matrices, such as plasma and dairy effluents. The probes warrant further investigation as they have shown potential and offer a promising solid-state platform for both clinical diagnostics and environmental monitoring