Outsmarting Network Security with SDN Teleportation

Software-defined networking is considered a promising new paradigm, enabling more reliable and formally verifiable communication networks. However, this paper shows that the separation of the control plane from the data plane, which lies at the heart of Software-Defined Networks (SDNs), introduces a new vulnerability which we call \emph{teleportation}. An attacker (e.g., a malicious switch in the data plane or a host connected to the network) can use teleportation to transmit information via the control plane and bypass critical network functions in the data plane (e.g., a firewall), and to violate security policies as well as logical and even physical separations. This paper characterizes the design space for teleportation attacks theoretically, and then identifies four different teleportation techniques. We demonstrate and discuss how these techniques can be exploited for different attacks (e.g., exfiltrating confidential data at high rates), and also initiate the discussion of possible countermeasures. Generally, and given today's trend toward more intent-based networking, we believe that our findings are relevant beyond the use cases considered in this paper.Comment: Accepted in EuroSP'1

Canine-centered interface design: supporting the work of diabetes alert dogs

Many people with Diabetes live with the continuous threat of hypoglycaemic attacks and the danger of going into coma. Diabetic Alert Dogs are trained to detect the onset of an attack before the human handler they are paired with deteriorates, giving them time to take action. We investigated requirements for designing an alert system allowing dogs to remotely call for help when their human falls unconscious before being able to react to an alert. Through a multispecies ethnographic approach we focus on teasing out the requirements for a physical canine user interface, involving both dogs, their handlers and trainers in the design. We discuss tensions between the requirements for the canine and the human users, argue the need for increased sensitivity towards the needs of individual dogs that goes beyond breed specific physical characteristics and reflect on how we can move from designing for dogs to designing with dogs

Robustness of Attack-Resilient State Estimators

The interaction between information technology and physical world makes Cyber-Physical Systems (CPS) vulnerable to malicious attacks beyond the standard cyber attacks. This has motivated the need for attack-resilient state estimation. Yet, the existing state-estimators are based on the non-realistic assumption that the exact system model is known. Consequently, in this work we present a method for state estimation in presence of attacks, for systems with noise and modeling errors. When the the estimated states are used by a state-based feedback controller, we show that the attacker cannot destabilize the system by exploiting the difeerence between the model used for the state estimation and the real physical dynamics of the system. Furthermore, we describe how implementation issues such as jitter, latency and synchronization errors can be mapped into parameters of the state estimation procedure that describe modeling errors, and provide a bound on the state-estimation error caused by modeling errors. This enables mapping control performance requirements into real-time (i.e., timing related) specifications imposed on the underlying platform. Finally, we illustrate and experimentally evaluate this approach on an unmanned ground vehicle case-study

Cyber-physical Systems (CPS) Security: State of the Art and Research Opportunities for Information Systems Academics

Attacks on cyber-physical systems (CPS) continue to grow in frequency. However, cybersecurity academics and practitioners have so far focused primarily on computer systems and networks rather than CPS. Given the alarming frequency with which cybercriminals attack CPS and the unique cyber-physical relationship in CPS, we propose that CPS security needs go beyond what purely computer and network security requires. Thus, we require more focused research on cybersecurity based on the cyber-physical relationship between various CPS components. In this paper, we stock of the current state of CPS security and identify research opportunities for information systems (IS) academics

Developing a Proportionate Response to a Cyber Attack

The debate on both the impacts of cyber attacks and how to response to attacks is active but precedents are only a few. Strategies and political speeches are always (at least partially) declaratory and vague by nature, and beyond these declarations the practical reality of cyber security as a matter of national security issue is challenging. At the same time cyber issues have catapulted into the highest of the high politics, cyberpolitics, and the line of digital and physical is blurring in many ways. Primary intention of this paper is to encourage the national policies concerning on the issue of how cyber attacks should be treated and lead to policies for response. The paper determinates five variables which policymakers need to consider when evaluating appropriate response to a state-sponsored cyber attack. As offensive cyber activity becomes more prevalent, policymakers will be challenged to develop proportionate responses to disruptive or destructive attacks. Already, there has been significant pressure to “do something” in light of the allegedly state-sponsored attacks. Proportionate response is a complicated political question and also situational dependent. This paper analyses in a comprehensive way how cyber attacks will be treated especially as a political question, and this paper represents a rough example of the framework that policymakers should build on

Cyber-physical security of a chemical plant

The increasing number of cyber attacks on industries demands immediate attention for providing more secure mechanisms to safeguard industries and minimize risks. A supervisory control and data acquisition (SCADA) system employing the distributed networks of sensors and actuators that interact with the physical environment is vulnerable to attacks that target the interface between the cyber and physical subsystems. These cyber attacks are typically malicious actions that cause undesired results in the cyber physical world, for example, the Stuxnet attack that targeted Iran\u27s nuclear centrifuges. An attack that hijacks the sensors in an attempt to provide false readings to the controller can be used to feign normal system operation for the control system, while the attacker can hijack the actuators to send the system beyond its safety range. Cyber physical systems (CPS) being used in industries such as oil and gas, chemical process plants and the like are termed Industrial Control Systems (ICS). Control system security is aimed at preventing intentional or unintentional interference with the proper operation of ICS. This thesis proposes a process-aware approach with the use of invariant equations based on the physical and chemical properties of the process and a Multiple Security Domain Nondeducibility (MSDND) framework to detect when a sensor signal is being maliciously manipulated. We have taken a benzene production plant as case study to illustrate our approach and its effectiveness in determining the state of the system. A system without any MSDND secure information flows between the CPS and cyber monitors has fewer weaknesses that can be exploited --Abstract, page iii

Cyber-Physical System Checkpointing and Recovery

Transitioning to more open architectures has been making Cyber-Physical Systems (CPS) vulnerable to malicious attacks that are beyond the conventional cyber attacks. This paper studies attack-resilience enhancement for a system under emerging attacks in the environment of the controller. An effective way to address this problem is to make system state estimation accurate enough for control regardless of the compromised components. This work follows this way and develops a procedure named CPS checkpointing and recovery, which leverages historical data to recover failed system states. Specially, we first propose a new concept of physical-state recovery. The essential operation is defined as rolling the system forward starting from a consistent historical system state. Second, we design a checkpointing protocol that defines how to record system states for the recovery. The protocol introduces a sliding window that accommodates attack-detection delay to improve the correctness of stored states. Third, we present a use case of CPS checkpointing and recovery that deals with compromised sensor measurements. At last, we evaluate our design through conducting simulator-based experiments and illustrating the use of our design with an unmanned vehicle case study

Proximity Assurances Based on Natural and Artificial Ambient Environments

Relay attacks are passive man-in-the-middle attacks that aim to extend the physical distance of devices involved in a transaction beyond their operating environment. In the field of smart cards, distance bounding protocols have been proposed in order to counter relay attacks. For smartphones, meanwhile, the natural ambient environment surrounding the devices has been proposed as a potential Proximity and Relay-Attack Detection (PRAD) mechanism. These proposals, however, are not compliant with industry-imposed constraints that stipulate maximum transaction completion times, e.g. 500 ms for EMV contactless transactions. We evaluated the effectiveness of 17 ambient sensors that are widely-available in modern smartphones as a PRAD method for time-restricted contactless transactions. In our work, both similarity- and machine learning-based analyses demonstrated limited effectiveness of natural ambient sensing as a PRAD mechanism under the operating requirements for proximity and transaction duration specified by EMV and ITSO. To address this, we propose the generation of an Artificial Ambient Environment (AAE) as a robust alternative for an effective PRAD. The use of infrared light as a potential PRAD mechanism is evaluated, and our results indicate a high success rate while remaining compliant with industry requirements

Real-time Adaptive Sensor Attack Detection and Recovery in Autonomous Cyber-physical Systems

Cyber-Physical Systems (CPS) tightly couple information technology with physical processes, which rises new vulnerabilities such as physical attacks that are beyond conventional cyber attacks.Attackers may non-invasively compromise sensors and spoof the controller to perform unsafe actions. This issue is even emphasized with the increasing autonomy in CPS. While this fact has motivated many defense mechanisms against sensor attacks, a clear vision of the timing and usability (or the false alarm rate) of attack detection still remains elusive. Existing works tend to pursue an unachievable goal of minimizing the detection delay and false alarm rate at the same time, while there is a clear trade-off between the two metrics. Instead, this dissertation argues that attack detection should bias different metrics (detection delay and false alarm) when a system sits in different states. For example, if the system is close to unsafe states, reducing the detection delay is preferable to lowering the false alarm rate, and vice versa. This dissertation proposes two real-time adaptive sensor attack detection frameworks. The frameworks can dynamically adapt the detection delay and false alarm rate so as to meet a detection deadline and improve usability according to different system statuses. We design and implement the proposed frameworks and validate them using realistic sensor data of automotive CPS to demonstrate its efficiency and efficacy. Further, this dissertation proposes \textit{Recovery-by-Learning}, a data-driven attack recovery framework that restores CPS from sensor attacks. The importance of attack recovery is emphasized by the need to mitigate the attack\u27s impact on a system and restore it to continue functioning. We propose a double sliding window-based checkpointing protocol to remove compromised data and keep trustful data for state estimation. Together, the proposed solutions enable a holistic attack resilient solution for automotive cyber-physical systems

SMS-I: Intelligent Security for Cyber–Physical Systems

Critical infrastructures are an attractive target for attackers, mainly due to the catastrophic impact of these attacks on society. In addition, the cyber–physical nature of these infrastructures makes them more vulnerable to cyber–physical threats and makes the detection, investigation, and remediation of security attacks more difficult. Therefore, improving cyber–physical correlations, forensics investigations, and Incident response tasks is of paramount importance. This work describes the SMS-I tool that allows the improvement of these security aspects in critical infrastructures. Data from heterogeneous systems, over different time frames, are received and correlated. Both physical and logical security are unified and additional security details are analysed to find attack evidence. Different Artificial Intelligence (AI) methodologies are used to process and analyse the multi-dimensional data exploring the temporal correlation between cyber and physical Alerts and going beyond traditional techniques to detect unusual Events, and then find evidence of attacks. SMS-I’s Intelligent Dashboard supports decision makers in a deep analysis of how the breaches and the assets were explored and compromised. It assists and facilitates the security analysts using graphical dashboards and Alert classification suggestions. Therefore, they can more easily identify anomalous situations that can be related to possible Incident occurrences. Users can also explore information, with different levels of detail, including logical information and technical specifications. SMS-I also integrates with a scalable and open Security Incident Response Platform (TheHive) that enables the sharing of information about security Incidents and helps different organizations better understand threats and proactively defend their systems and networks.This research was funded by the Horizon 2020 Framework Programme under grant agreement No 832969. This output reflects the views only of the author(s), and the European Union cannot be held responsible for any use which may be made of the information contained therein. For more information on the project see: http://satie-h2020.eu/.info:eu-repo/semantics/publishedVersio