1,478 research outputs found

    Privacy, security, and trust issues in smart environments

    Recent advances in networking, handheld computing and sensor technologies have driven forward research towards the realisation of Mark Weiser's dream of calm and ubiquitous computing (variously called pervasive computing, ambient computing, active spaces, the disappearing computer or context-aware computing). In turn, this has led to the emergence of smart environments as one significant facet of research in this domain. A smart environment, or space, is a region of the real world that is extensively equipped with sensors, actuators and computing components [1]. In effect the smart space becomes a part of a larger information system: with all actions within the space potentially affecting the underlying computer applications, which may themselves affect the space through the actuators. Such smart environments have tremendous potential within many application areas to improve the utility of a space. Consider the potential offered by a smart environment that prolongs the time an elderly or infirm person can live an independent life or the potential offered by a smart environment that supports vicarious learning

    Implications and Limitations of Securing an InfiniBand Network

    The InfiniBand Architecture is one of the leading network interconnects used in high performance computing, delivering very high bandwidth and low latency. As the popularity of InfiniBand increases, the possibility for new InfiniBand applications arises outside the domain of high performance computing, thereby creating the opportunity for new security risks. In this work, new security questions are considered and addressed. The study demonstrates that many common traffic analyzing tools cannot monitor or capture InfiniBand traffic transmitted between two hosts. Due to the kernel bypass nature of InfiniBand, many host-based network security systems cannot be executed on InfiniBand applications. Those that can impose a significant performance loss for the network. The research concludes that not all network security practices used for Ethernet translate to InfiniBand as previously suggested and that an answer to meeting specific security requirements for an InfiniBand network might reside in hardware offload

    CANflict: Exploiting Peripheral Conflicts for Data-Link Layer Attacks on Automotive Networks

    Current research in the automotive domain has proven the limitations of the CAN protocol from a security standpoint. Application-layer attacks, which involve the creation of malicious packets, are deemed feasible from remote but can be easily detected by modern IDS. On the other hand, more recent link-layer attacks are stealthier and possibly more disruptive but require physical access to the bus. In this paper, we present CANflict, a software-only approach that allows reliable manipulation of the CAN bus at the data link layer from an unmodified microcontroller, overcoming the limitations of state-of-the-art works. We demonstrate that it is possible to deploy stealthy CAN link-layer attacks from a remotely compromised ECU, targeting another ECU on the same CAN network. To do this, we exploit the presence of pin conflicts between microcontroller peripherals to craft polyglot frames, which allows an attacker to control the CAN traffic at the bit level and bypass the protocol's rules. We experimentally demonstrate the effectiveness of our approach on high-, mid-, and low-end microcontrollers, and we provide the ground for future research by releasing an extensible tool that can be used to implement our approach on different platforms and to build CAN countermeasures at the data link layer. Comment: To appear in CCS'2

    Risk driven models & security framework for drone operation in GNSS-denied environments

    Flying machines in the air without human inhabitation have moved from abstracts to reality and the concept of unmanned aerial vehicles continues to evolve. Drones are popularly known to use GPS and other forms of GNSS for navigation, but this has unfortunately opened them up to spoofing and other forms of cybersecurity threats. The use of computer vision to find location through pre-stored satellite images has become a suggested solution but this gives rise to security challenges in the form of spoofing, tampering, denial of service and other forms of attacks. These security challenges are reviewed with appropriate requirements recommended. This research uses the STRIDE threat analysis model to analyse threats in drone operation in GNSS-denied environments. Other threat models were considered including DREAD and PASTA, but STRIDE is chosen because of its suitability and the complementary ability it serves to other analytical methods used in this work. Research work is taken further to divide the drone system into units based on similarities in functions and architecture. They are then subjected to Failure Mode and Effects Analysis (FMEA), and Fault Tree Analysis (FTA). The STRIDE threat model is used as base events for the FTA and an FMEA is conducted based on adaptations from IEC 62443-1-1, Network and System Security - Terminology, concepts, and models and IEC 62443-3-2, security risk assessment for system design. The FTA and FMEA are widely known for functional safety purposes but there is a divergent use for the tools where we consider cybersecurity vulnerabilities specifically, instead of faults. The IEC 62443 series has become synonymous with Industrial Automation and Control Systems. However, inspiration is drawn from that series for this work because drones, as much as any technological gadget in play recently, fall under a growing umbrella of quickly evolving devices, known as Internet of Things (IoT). These IoT devices can be principally considered as part of Industrial Automation and Control Systems. Results from the analysis are used to recommend security standards & requirements that can be applied in drone operation in GNSS-denied environments. The framework recommended in this research is consistent with IEC 62443-3-3, System security requirements and security levels and has the following categorization from IEC 62443-1-1: identification and authentication control, use control, system integrity, data confidentiality, restricted data flow, timely response to events and resource availability. The recommended framework is applicable and relevant to military, private and commercial drone deployment because the framework can be adapted and further tweaked to suit the context which it is intended for. Application of this framework in drone operation in GNSS-denied environments will greatly improve upon the cyber resilience of the drone network system

    PNT cyber resilience : a Lab2Live observer based approach, Report 1 : GNSS resilience and identified vulnerabilities. Technical Report 1

    Global navigation satellite systems (GNSS) such as GPS and Galileo are vital sources of positioning, navigation and timing (PNT) information for vehicles. This information is of critical importance for connected autonomous vehicles (CAVs) due to their dependence on this information for localisation, route planning and situational awareness. A downside to solely relying on GNSS for PNT is that the signal strength arriving from navigation satellites in space is weak and currently there is no authentication included in the civilian GNSS adopted in the automotive industry. This means that cyber-attacks against the GNSS signal via jamming or spoofing are attractive to adversaries due to the potentially high impact they can achieve. This report reviews the vulnerabilities of GNSS services for CAVs (a summary is shown in Figure 1), as well as detection and mitigating techniques, summarises the opinions on PNT cyber testing sourced from a select group of experts, and finishes with a description of the associated lab-based and real-world feasibility study and proposed research methodology