58,382 research outputs found
The Internet of Hackable Things
The Internet of Things makes possible to connect each everyday object to the
Internet, making computing pervasive like never before. From a security and
privacy perspective, this tsunami of connectivity represents a disaster, which
makes each object remotely hackable. We claim that, in order to tackle this
issue, we need to address a new challenge in security: education
Vulnerability analysis of satellite-based synchronized smart grids monitoring systems
The large-scale deployment of wide-area monitoring systems could play a strategic role in supporting the evolution of traditional power systems toward smarter and self-healing grids. The correct operation of these synchronized monitoring systems requires a common and accurate timing reference usually provided by a satellite-based global positioning system. Although these satellites signals provide timing accuracy that easily exceeds the needs of the power industry, they are extremely vulnerable to radio frequency interference. Consequently, a comprehensive analysis aimed at identifying their potential vulnerabilities is of paramount importance for correct and safe wide-area monitoring system operation. Armed with such a vision, this article presents and discusses the results of an experimental analysis aimed at characterizing the vulnerability of global positioning system based wide-area monitoring systems to external interferences. The article outlines the potential strategies that could be adopted to protect global positioning system receivers from external cyber-attacks and proposes decentralized defense strategies based on self-organizing sensor networks aimed at assuring correct time synchronization in the presence of external attacks
Towards Understanding Man-on-the-Side Attacks (MotS) in SCADA Networks
We describe a new class of packet injection attacks called Man-on-the-Side
Attacks (MotS), previously only seen where state actors have "compromised" a
number of telecommunication companies. MotS injection attacks have not been
widely investigated in scientific literature, despite having been discussed by
news outlets and security blogs. MotS came to attention after the Edward
Snowden revelations, which described large scale pervasive monitoring of the
Internet's infrastructure. For an advanced adversary attempting to interfere
with IT connected systems, the next logical step is to adapt this class of
attack to a smaller scale, such as enterprise or critical infrastructure
networks. MotS is a weaker form of attack compared to a Man-in-the-Middle
(MitM). A MotS attack allows an adversary to read and inject packets, but not
modify packets sent by other hosts. This paper presents practical experiments
where we have implemented and performed MotS attacks against two testbeds: 1)
on HTTP connections, by redirecting a victim to a host controlled by an
adversary; and 2) on an Industrial Control network, where we inject falsified
command responses to the victim. In both cases, the victims accept the injected
packets without generating a suspiciously large number of unusual packets on
the network. We then perform an analysis of three leading Network IDS to
determine whether the attacks are detected, and discuss mitigation methods
A Survey of RFID Authentication Protocols Based on Hash-Chain Method
Security and privacy are the inherent problems in RFID communications. There
are several protocols have been proposed to overcome those problems. Hash chain
is commonly employed by the protocols to improve security and privacy for RFID
authentication. Although the protocols able to provide specific solution for
RFID security and privacy problems, they fail to provide integrated solution.
This article is a survey to closely observe those protocols in terms of its
focus and limitations.Comment: Third ICCIT 2008 International Conference on Convergence and Hybrid
Information Technolog
Reflections on security options for the real-time transport protocol framework
The Real-time Transport Protocol (RTP) supports a range of video conferencing, telephony, and streaming video ap- plications, but offers few native security features. We discuss the problem of securing RTP, considering the range of applications. We outline why this makes RTP a difficult protocol to secure, and describe the approach we have recently proposed in the IETF to provide security for RTP applications. This approach treats RTP as a framework with a set of extensible security building blocks, and prescribes mandatory-to-implement security at the level of different application classes, rather than at the level of the media transport protocol
- …