Passive OS Fingerprinting Prototype Demonstration

Operating system identification of communicating devices plays an important part in network protection. However, current networks are large and change often which implies the need for a system that will be able to continuously monitor the network and handle changes in identified operating systems. In this paper, we propose an architecture of an OS fingerprinting system based on passive network monitoring and a graph-based data model to store and present information about operating systems in the network. We implemented the proposed architecture and tested it on the backbone network of Masaryk University. Our results suggest that it is suitable for monitoring a large network with tens of thousands of actively communicating devices

Enabling environmental fingerprinting with an NFC-powered sensor board

Abstract. In recent times, people have become concerned about their environmental conditions, amid deteriorating global statistics on bad air quality, global warming and UV light exposure. Conventional technologies for reading environmental conditions are expensive, bulky and situated, yet, people are mobile and need portable tools to be aware of their immediate environmental conditions on demand. Smartphones are now widely used, endowed with sensors and wireless communication technologies such as Bluetooth, and Near Field Communication (NFC) for external sensor connectivity, making smartphones a viable tool for fingerprinting the environment. This thesis outlines the design, evaluation and implementation of a mobile-enabled system for environmental data collection using a portable NFC powered sensor board. The name of the system developed in this thesis is the S3 system. The S3 system is a two-tier system which consists of S3 Android application and an online dashboard with a data repository. The S3 Android application is used for collecting and visualising environmental data; temperature, humidity, UV, ambient light, with a smartphone and a credit card-size NFC powered sensor board. The sensor data is then periodically synced to the online data repository. Additional features of the S3 application include automated feedback sampling, introductory tutorial, and user preference settings. The thesis further details the design and implementation process with scenarios, use cases, paper sketches, expert review of sketches, interface mockups, evaluation of prototype with a user study, quantitative and qualitative analysis of user study data, and finally the implementation of the S3 application. The thesis also presents a test run to demonstrate the capabilities of the S3 system as a mobile-enabled solution for crowdsourced environmental fingerprint datasets. To the end user, the work in this thesis provides the S3 application and the NFC powered sensor card as a portable tool for personalised environmental fingerprinting. On the other hand, the intervention in this thesis will have an impact on research since the crowdsourced environmental fingerprint datasets can be valuable datasets for research. As a TEKES project, the solution also provides a proof of concept for further improvement and deployment into the commercial software market

From Attack to Defense: Toward Secure In-vehicle Networks

New security breaches in vehicles are emerging due to software-driven Electronic Control Units (ECUs) and wireless connectivity of modern vehicles. These trends have introduced more remote surfaces/endpoints that an adversary can exploit and, in the worst case, use to control the vehicle remotely. Researchers have demonstrated how vulnerabilities in remote endpoints can be exploited to compromise ECUs, access in-vehicle networks, and control vehicle maneuvers. To detect and prevent such vehicle cyber attacks, researchers have also developed and proposed numerous countermeasures (e.g., Intrusion Detection Systems and message authentication schemes). However, there still remain potentially critical attacks that existing defense schemes can neither detect/prevent nor consider. Moreover, existing defense schemes lack certain functionalities (e.g., identifying the message transmitter), thus not providing strong protection for safety-critical ECUs against in-vehicle network attacks. With all such unexplored and unresolved security issues, vehicles and drivers/passengers will remain insecure. This dissertation aims to fill this gap by 1) unveiling a new important and critical vulnerability applicable to several in-vehicle networks (including the Controller Area Network (CAN), the de-facto standard protocol), 2) proposing a new Intrusion Detection System (IDS) which can detect not only those attacks that have already been demonstrated or discussed in literature, but also those that are more acute and cannot be detected by state-of-the-art IDSes, 3) designing an attacker identification scheme that provides a swift pathway for forensic, isolation, security patch, etc., and 4) investigating what an adversary can achieve while the vehicle’s ignition is off. First, we unveil a new type of Denial-of-Service (DoS) attack called the bus-off attack that, ironically, exploits the error-handling scheme of in-vehicle networks. That is, their fault-confinement mechanism — which has been considered as one of their major advantages in providing fault-tolerance and robustness — is used as an attack vector. Next, we propose a new anomaly-based IDS that detects intrusions based on the extracted fingerprints of ECUs. Such a capability overcomes the deficiency of existing IDSes and thus detects a wide range of in-vehicle network attacks, including those existing schemes cannot. Then, we propose an attacker identification scheme that provides a swift pathway for forensic, isolation, and security patch. This is achieved by fingerprinting ECUs based on CAN voltage measurements. It takes advantage of the fact that voltage outputs of each ECU are slightly different from each other due to their differences in supply voltage, ground voltage, resistance values, etc. Lastly, we propose two new attack methods called the Battery-Drain and the Denial-of-Body-control attacks through which an adversary can disable parked vehicles with the ignition off. These attacks invalidate the conventional belief that vehicle cyber attacks are feasible and thus their defenses are required only when the vehicles ignition is on.PHDComputer Science & EngineeringUniversity of Michigan, Horace H. Rackham School of Graduate Studieshttps://deepblue.lib.umich.edu/bitstream/2027.42/144125/1/ktcho_1.pd

A tourism overcrowding sensor using multiple radio techniques detection

The motivation for this dissertation came from the touristic pressure felt in the historic neighborhoods of Lisbon. This pressure is the result of the rise in the number of touristic arrivals and the proliferation of local accommodation. To mitigate this problem the research project in which this dissertation is inserted aims to disperse the pressure felt by routing the tourists to more sustainable locations and locations that are not crowded. The goal of this dissertation is then to develop a crowding sensor to detect, in real-time, the number of persons in its vicinity by detecting how many smartphones it observes in its readings. The proposed solution aims to detect the wireless trace elements generated by the normal usage of smartphones. The technologies in which the sensor will detect devices are Wi-Fi, Bluetooth and the mobile network. For testing the results gathered by the sensor we developed a prototype that was deployed on our campus and in a museum, during an event with strong attendance. The data gathered was stored in a time-series database and a data visualization tool was used to interpret the results. The overall conclusions of this dissertation are that it is possible to build a sensor that detects nearby devices thereby allowing to detect overcrowding situations. The prototype built allows to detect crowd mobility patterns. The composition of technologies and identity unification are topics deserving future research.A motivação para a presente dissertação surgiu da pressão turística sentida nos bairros históricos de Lisboa. Esta pressão é a consequência de um crescimento do número de turistas e de uma cada vez maior utilização e proliferação do alojamento local. Para mitigar este problema o projeto de investigação em que esta dissertação está inserida pretende dispersar os turistas por locais sustentáveis e que não estejam sobrelotados. O objetivo desta dissertação é o de desenvolver um sensor que consiga detetar, em tempo real, detetar quantas pessoas estão na sua proximidade com base nos smartphones que consegue detetar. A solução proposta tem como objetivo detetar os traços gerados pela normal utilização de um smartphone. As tecnologias nas quais o sensor deteta traços de utilização são Wi-Fi, Bluetooth e a rede móvel. Para realizar os testes ao sensor, foi desenvolvido um protótipo que foi instalado no campus e num museu durante um evento de grande afluência. Os dados provenientes destes testes foram guardados numa base de dados de séries temporais e analisados usando uma ferramenta de visualização de dados. As conclusões obtidas nesta dissertação são que é possível criar um sensor capaz de detetar dispositivos na sua proximidade e detetar situações de sobrelotação/apinhamento. O protótipo contruído permite detectar padrões de mobilidade de multidões. A composição de tecnologias e a unificação de identidade são problemas que requerem investigação futura

Web application penetration test: Proposal for a generic web application testing methodology

Nowadays, Security Management is beginning to become a priority for most companies. The primary aim is to prevent unauthorized identities from accessing classified information and using it against the organization. The best way to mitigate hacker attacks is to learn their methodologies. There are numerous ways to do it, but the most common is based on Penetration Tests, a simulation of an attack to verify the security of a system or environment to be analyzed. This test can be performed through physical means utilizing hardware or through social engineering. The objective of this test is to examine, under extreme circumstances, the behavior of systems, networks, or personnel devices, to identify their weaknesses and vulnerabilities. This dissertation will present an analysis of the State of the Art related to penetration testing, the most used tools and methodologies, its comparison, and the most critical web application vulnerabilities. With the goal of developing a generic security testing methodology applicable to any Web application, an actual penetration test to the web application developed by VTXRM – Software Factory (Accipiens) will be described, applying methods and Open-Source software step by step to assess the security of the different components of the system that hosts Accipiens. At the end of the dissertation, the results will be exposed and analyzed.Atualmente, a Gestão de Segurança da Informação começa a tornar-se uma prioridade para a maioria das Empresas, com o principal objetivo de impedir que identidades não autorizadas acedam a informações confidenciais e as utilizem contra a organização. Uma das melhores formas de mitigar os possíveis ataques é aprender com as metodologias dos atacantes. Existem inúmeras formas de o fazer, mas a mais comum baseia-se na realização de Testes de Intrusão, uma simulação de um ataque para verificar a segurança de um sistema ou ambiente a ser analisado. Este teste pode ser realizado através de meios físicos utilizando hardware, através de engenharia social e através de vulnerabilidades do ambiente. O objetivo deste teste é examinar, em circunstâncias extremas, o comportamento de sistemas, redes, ou dispositivos pessoais, para identificar as suas fraquezas e vulnerabilidades. Nesta dissertação será apresentada uma análise ao estado da arte relacionada com testes de penetração, as ferramentas e metodologias mais utilizadas, uma comparação entre elas, serão também explicadas algumas das vulnerabilidades mais críticas em aplicações web. O objetivo é o desenvolvimento de uma metodologia genérica de testes de intrusão, ambicionando a sua aplicabilidade e genericidade em aplicações web, sendo esta aplicada e descrita num teste de intrusão real à aplicação web desenvolvida pela VTXRM – Software Factory (Accipiens), aplicando passo a passo métodos e softwares Open-Source com o objetivo de analisar a segurança dos diferentes componentes do sistema no qual o Accipiens está instalado. No final serão apresentados os resultados do mesmo e a sua análise

Integrated ZigBee RFID sensor networks for resource tracking and monitoring in logistics management

The Radio Frequency Identification (RFID), which includes passive and active systems and is the hottest Auto-ID technology nowadays, and the wireless sensor network (WSN), which is one of the focusing topics on monitoring and control, are two fast-growing technologies that have shown great potential in future logistics management applications. However, an information system for logistics applications is always expected to answer four questions: Who, What, When and Where (4Ws), and neither of the two technologies is able to provide complete information for all of them. WSN aims to provide environment monitoring and control regarded as When and What , while RFID focuses on automatic identification of various objects and provides Who (ID). Most people usually think RFID can provide Where at all the time. But what normal passive RFID does is to tell us where an object was the last time it went through a reader, and normal active RFID only tells whether an object is presenting on site. This could sometimes be insufficient for certain applications that require more accurate location awareness, for which a system with real-time localization (RTLS), which is an extended concept of RFID, will be necessary to answer Where constantly. As WSN and various RFID technologies provide information for different but complementary parts of the 4Ws, a hybrid system that gives a complete answer by combining all of them could be promising in future logistics management applications. Unfortunately, in the last decade those technologies have been emerging and developing independently, with little research been done in how they could be integrated. This thesis aims to develop a framework for the network level architecture design of such hybrid system for on-site resource management applications in logistics centres. The various architectures proposed in this thesis are designed to address different levels of requirements in the hierarchy of needs, from single integration to hybrid system with real-time localization. The contribution of this thesis consists of six parts. Firstly, two new concepts, Reader as a sensor and Tag as a sensor , which lead to RAS and TAS architectures respectively, for single integrations of RFID and WSN in various scenarios with existing systems; Secondly, a integrated ZigBee RFID Sensor Network Architecture for hybrid integration; Thirdly, a connectionless inventory tracking architecture (CITA) and its battery consumption model adding location awareness for inventory tracking in Hybrid ZigBee RFID Sensor Networks; Fourthly, a connectionless stochastic reference beacon architecture (COSBA) adding location awareness for high mobility target tracking in Hybrid ZigBee RFID Sensor Networks; Fifthly, improving connectionless stochastic beacon transmission performance with two proposed beacon transmission models, the Fully Stochastic Reference Beacon (FSRB) model and the Time Slot Based Stochastic Reference Beacon (TSSRB) model; Sixthly, case study of the proposed frameworks in Humanitarian Logistics Centres (HLCs). The research in this thesis is based on ZigBee/IEEE802.15.4, which is currently the most widely used WSN technology. The proposed architectures are demonstrated through hardware implementation and lab tests, as well as mathematic derivation and Matlab simulations for their corresponding performance models. All the tests and simulations of my designs have verified feasibility and features of our designs compared with the traditional systems

Ensuring compliance with data privacy and usage policies in online services

Online services collect and process a variety of sensitive personal data that is subject to complex privacy and usage policies. Complying with the policies is critical, often legally binding for service providers, but it is challenging as applications are prone to many disclosure threats. We present two compliance systems, Qapla and Pacer, that ensure efficient policy compliance in the face of direct and side-channel disclosures, respectively. Qapla prevents direct disclosures in database-backed applications (e.g., personnel management systems), which are subject to complex access control, data linking, and aggregation policies. Conventional methods inline policy checks with application code. Qapla instead specifies policies directly on the database and enforces them in a database adapter, thus separating compliance from the application code. Pacer prevents network side-channel leaks in cloud applications. A tenant’s secrets may leak via its network traffic shape, which can be observed at shared network links (e.g., network cards, switches). Pacer implements a cloaked tunnel abstraction, which hides secret-dependent variation in tenant’s traffic shape, but allows variations based on non-secret information, enabling secure and efficient use of network resources in the cloud. Both systems require modest development efforts, and incur moderate performance overheads, thus demonstrating their usability.Onlinedienste sammeln und verarbeiten eine Vielzahl sensibler persönlicher Daten, die komplexen Datenschutzrichtlinien unterliegen. Die Einhaltung dieser Richtlinien ist häufig rechtlich bindend für Dienstanbieter und gleichzeitig eine Herausforderung, da Fehler in Anwendungsprogrammen zu einer unabsichtlichen Offenlegung führen können. Wir präsentieren zwei Compliance-Systeme, Qapla und Pacer, die Richtlinien effizient einhalten und gegen direkte und indirekte Offenlegungen durch Seitenkanäle schützen. Qapla verhindert direkte Offenlegungen in datenbankgestützten Anwendungen. Herkömmliche Methoden binden Richtlinienprüfungen in Anwendungscode ein. Stattdessen gibt Qapla Richtlinien direkt in der Datenbank an und setzt sie in einem Datenbankadapter durch. Die Konformität ist somit vom Anwendungscode getrennt. Pacer verhindert Netzwerkseitenkanaloffenlegungen in Cloud-Anwendungen. Geheimnisse eines Nutzers können über die Form des Netzwerkverkehr offengelegt werden, die bei gemeinsam genutzten Netzwerkelementen (z. B. Netzwerkkarten, Switches) beobachtet werden kann. Pacer implementiert eine Tunnelabstraktion, die Geheimnisse im Netzwerkverkehr des Nutzers verbirgt, jedoch Variationen basier- end auf nicht geheimen Informationen zulässt und eine sichere und effiziente Nutzung der Netzwerkressourcen in der Cloud ermöglicht. Beide Systeme erfordern geringen Entwicklungsaufwand und verursachen einen moderaten Leistungsaufwand, wodurch ihre Nützlichkeit demonstriert wird