13,778 research outputs found
Applying Lessons from Cyber Attacks on Ukrainian Infrastructures to Secure Gateways onto the Industrial Internet of Things
Previous generations of safety-related industrial control systems were ‘air gapped’. In other words, process control
components including Programmable Logic Controllers (PLCs) and smart sensor/actuators were disconnected and
isolated from local or wide area networks. This provided a degree of protection; attackers needed physical access to
compromise control systems components. Over time this ‘air gap’ has gradually been eroded. Switches and
gateways have subsequently interfaced industrial protocols, including Profibus and Modbus, so that data can be
drawn from safety-related Operational Technology into enterprise information systems using TCP/IP. Senior
management uses these links to monitor production processes and inform strategic planning. The Industrial Internet
of Things represents another step in this evolution – enabling the coordination of physically distributed resources
from a centralized location. The growing range and sophistication of these interconnections create additional
security concerns for the operation and management of safety-critical systems. This paper uses lessons learned
from recent attacks on Ukrainian critical infrastructures to guide a forensic analysis of an IIoT switch. The intention
is to identify and mitigate vulnerabilities that would enable similar attacks to be replicated across Europe and North
America
Dynamic real-time risk analytics of uncontrollable states in complex internet of things systems, cyber risk at the edge
The Internet of Things (IoT) triggers new types of cyber risks. Therefore,
the integration of new IoT devices and services requires a self-assessment of
IoT cyber security posture. By security posture this article refers to the
cybersecurity strength of an organisation to predict, prevent and respond to
cyberthreats. At present, there is a gap in the state of the art, because there
are no self-assessment methods for quantifying IoT cyber risk posture. To
address this gap, an empirical analysis is performed of 12 cyber risk
assessment approaches. The results and the main findings from the analysis is
presented as the current and a target risk state for IoT systems, followed by
conclusions and recommendations on a transformation roadmap, describing how IoT
systems can achieve the target state with a new goal-oriented dependency model.
By target state, we refer to the cyber security target that matches the generic
security requirements of an organisation. The research paper studies and adapts
four alternatives for IoT risk assessment and identifies the goal-oriented
dependency modelling as a dominant approach among the risk assessment models
studied. The new goal-oriented dependency model in this article enables the
assessment of uncontrollable risk states in complex IoT systems and can be used
for a quantitative self-assessment of IoT cyber risk posture
Security Analysis of the Internet of Things Using Digital Forensic and Penetration Testing Tools
We exist in a universe where everything is related to the internet or each other like smart TVs, smart telephones, smart thermostat, cars and more. Internet of Things has become one of the most talked about technologies across the world and its applications range from the control of home appliances in a smart home to the control of machines on the production floor of an industry that requires less human intervention in performing basic daily tasks. Internet of Things has rapidly developed without adequate attention given to the security and privacy goals involved in its design and implementation. This document contains three research projects all centered on how to improve user\u27s data privacy and security in the Internet of Things. The first research provides a detailed analysis of the Internet of Things architecture, some security vulnerabilities, and countermeasures. We went on to discuss some solutions to these issues and presented some available Internet of Things simulators that could be used to test Internet of Things systems. In the second research, we explored privacy and security challenges faced by consumers of smart devices in this case we used an Amazon Echo Dot as our case study. During this research, we were able to compare two different digital forensic tools to see which performed better at extracting information from the device and if the device observes best practices for user data privacy. In the third research project, we used a tool called GATTacker to exploit security vulnerabilities of a Bluetooth Low Energy device and provide security awareness to users
AI, Robotics, and the Future of Jobs
This report is the latest in a sustained effort throughout 2014 by the Pew Research Center's Internet Project to mark the 25th anniversary of the creation of the World Wide Web by Sir Tim Berners-Lee (The Web at 25).The report covers experts' views about advances in artificial intelligence (AI) and robotics, and their impact on jobs and employment
Assessing and augmenting SCADA cyber security: a survey of techniques
SCADA systems monitor and control critical infrastructures of national importance such as power generation and distribution, water supply, transportation networks, and manufacturing facilities. The pervasiveness, miniaturisations and declining costs of internet connectivity have transformed these systems from strictly isolated to highly interconnected networks. The connectivity provides immense benefits such as reliability, scalability and remote connectivity, but at the same time exposes an otherwise isolated and secure system, to global cyber security threats. This inevitable transformation to highly connected systems thus necessitates effective security safeguards to be in place as any compromise or downtime of SCADA systems can have severe economic, safety and security ramifications. One way to ensure vital asset protection is to adopt a viewpoint similar to an attacker to determine weaknesses and loopholes in defences. Such mind sets help to identify and fix potential breaches before their exploitation. This paper surveys tools and techniques to uncover SCADA system vulnerabilities. A comprehensive review of the selected approaches is provided along with their applicability
SemiÂAutomatic Generation of Tests for Assessing Correct Integration of Security Mechanisms in the Internet of Things
Internet of Things (IoT) is expanding at a global level and its influence in our daily lives is
increasing. This fast expansion, with companies competing to be the first to deploy new
IoT systems, has led to the majority of the software being created and produced without
due attention being given to security considerations and without adequate security testing. Software quality and security testing are inextricably linked. The most successful
approach to achieve secure software is to adhere to secure development, deployment, and
maintenance principles and practices throughout the development process. Security testing is a procedure for ensuring that a system keeps the users data secure and performs as
expected. However, extensively testing a system can be a very daunting task, that usually
requires professionals to be well versed in the subject, so as to be performed correctly.
Moreover, not all development teams can have access to a security expert to perform security testing in their IoT systems. The need to automate security testing emerged as a
potential means to solve this issue.
This dissertation describes the process undertaken to design and develop a module entitled Assessing Correct Integration of Security Mechanisms (ACISM) that aims to provide
system developers with the means to improve system security by anticipating and preventing potential attacks. Using the list of threats that the system is vulnerable as inputs, this
tool provides developers with a set of security tests and tools that will allow testing how
susceptible the system is to each of those threats. This tool outputs a set of possible attacks
derived from the threats and what tools could be used to simulate these attacks.
The tool developed in this dissertation has the purpose to function as a plugin of a framework called Security Advising Modules (SAM). It has the objective of advising users in the
development of secure IoT, cloud and mobile systems during the design phases of these
systems. SAM is a modular framework composed by a set of modules that advise the user
in different stages of the security engineering process.
To validate the usefulness of the ACISM module in real life, it was tested by 17 computer
science practitioners. The feedback received from these users was very positive. The great
majority of the participants found the tool to be extremely helpful in facilitating the execution of security tests in IoT.
The principal contributions achieved with this dissertation were: the creation of a tool
that outputs a set of attacks and penetration tools to execute the attacks mentioned, all
starting from the threats an IoT system is susceptible to. Each of the identified attacking
tools will be accompanied with a brief instructional guide; all summing up to an extensive
review of the state of the art in testing.A Internet das Coisas (IoT) é um dos paradigmas com maior expansão mundial à data de
escrita da dissertação, traduzindoÂse numa influência incontornável no quotidiano. As
empresas pretendem ser as primeiras a implantar novos sistemas de IoT como resultado
da sua rápida expansão, o que faz com que a maior parte do software seja criado e produzido sem considerações de segurança ou testes de segurança adequados. A qualidade
do software e os testes de segurança estão intimamente ligados. A abordagem mais bemsucedida para obter software seguro é aderir aos princÃpios e práticas de desenvolvimento,
implantação e manutenção seguros em todo o processo de desenvolvimento. O teste de
segurança é um procedimento para garantir que um sistema proteja os dados do utilizador
e execute conforme o esperado.
Esta dissertação descreve o esforço despendido na concepção e desenvolvimento de uma
ferramenta que, tendo em consideração as ameaças às quais um sistema é vulnerável, produz um conjunto de testes e identifica um conjunto de ferramentas de segurança para verificar a susceptibilidade do sistema às mesmas. A ferramenta mencionada anteriormente
foi desenvolvida em Python e tem como valores de entrada uma lista de ameaças às quais
o sistema é vulnerável. Depois de processar estas informações, a ferramenta produz um
conjunto de ataques derivados das ameaças e possÃveis ferramentas a serem usadas para
simular esses ataques.
Para verificar a utilidade da ferramenta em cenários reais, esta foi testada por 17 pessoas
com conhecimento na área de informática. A ferramenta foi avaliada pelos sujeitos de
teste de uma forma muito positiva. A grande maioria dos participantes considerou a ferramenta extremamente útil para auxiliar a realização de testes de segurança em IoT.
As principais contribuições alcançadas com esta dissertação foram: a criação de uma ferramenta que, através das ameaças à s quais um sistema IoT é susceptÃvel, produzirá um
conjunto de ataques e ferramentas de penetração para executar os ataques mencionados.
Cada uma das ferramentas será acompanhada por um breve guia de instruções; uma extensa revisão do estado da arte em testes.The work described in this dissertation was carried out at the Instituto de Telecomunicações, Multimedia Signal Processing – Covilhã Laboratory, in Universidade da Beira Interior, at Covilhã, Portugal. This research work was funded by the S E C U R I o T E S I G N
Project through FCT/COMPETE/FEDER under Reference Number POCIÂ01Â0145ÂFEDER030657 and by Fundação para Ciência e Tecnologia (FCT) research grant with reference
BIL/Nº11/2019ÂB00701
- …