4,052 research outputs found

    OnionBots: Subverting Privacy Infrastructure for Cyber Attacks

    Over the last decade botnets have survived by adopting a sequence of increasingly sophisticated strategies to evade detection and takeovers, and to monetize their infrastructure. At the same time, the success of privacy infrastructures such as Tor opened the door to illegal activities, including botnets, ransomware, and a marketplace for drugs and contraband. We contend that the next waves of botnets will extensively subvert privacy infrastructure and cryptographic mechanisms. In this work we propose to preemptively investigate the design and mitigation of such botnets. We first introduce OnionBots, what we believe will be the next generation of resilient, stealthy botnets. OnionBots use privacy infrastructures for cyber attacks by completely decoupling their operation from the infected host IP address and by carrying traffic that does not leak information about its source, destination, and nature. Such bots live symbiotically within the privacy infrastructures to evade detection, measurement, scale estimation, observation, and in general all current IP-based mitigation techniques. Furthermore, we show that with an adequate self-healing network maintenance scheme, which is simple to implement, OnionBots achieve a low diameter and a low degree and are robust to partitioning under node deletions. We developed a mitigation technique, called SOAP, that neutralizes the nodes of the basic OnionBots. We also outline and discuss a set of techniques that can enable subsequent waves of Super OnionBots. In light of the potential of such botnets, we believe that the research community should proactively develop detection and mitigation methods to thwart OnionBots, potentially making adjustments to privacy infrastructure. Comment: 12 pages, 8 figures

    Adversarial behaviours knowledge area

    The technological advancements witnessed by our society in recent decades have brought improvements in our quality of life, but they have also created a number of opportunities for attackers to cause harm. Before the Internet revolution, most crime and malicious activity generally required a victim and a perpetrator to come into physical contact, and this limited the reach that malicious parties had. Technology has removed the need for physical contact to perform many types of crime, and now attackers can reach victims anywhere in the world, as long as they are connected to the Internet. This has revolutionised the characteristics of crime and warfare, allowing operations that would not have been possible before. In this document, we provide an overview of the malicious operations that are happening on the Internet today. We first provide a taxonomy of malicious activities based on the attacker’s motivations and capabilities, and then move on to the technological and human elements that adversaries require to run a successful operation. We then discuss a number of frameworks that have been proposed to model malicious operations. Since adversarial behaviours are not a purely technical topic, we draw from research in a number of fields (computer science, criminology, war studies). While doing this, we discuss how these frameworks can be used by researchers and practitioners to develop effective mitigations against malicious online operations. Published version

    Multi-Layer Cyber-Physical Security and Resilience for Smart Grid

    The smart grid is a large-scale complex system that integrates communication technologies with the physical-layer operation of energy systems. Security and resilience mechanisms by design are important to provide guaranteed operation of the system. This chapter provides a layered perspective on smart grid security and discusses game and decision theory as tools to model the interactions among system components and the interaction between attackers and the system. We discuss game-theoretic applications and challenges in the design of cross-layer robust and resilient controllers, secure network routing protocols at the data communication and networking layers, and the challenges of information security at the management layer of the grid. The chapter also discusses future directions for using game-theoretic tools to address multi-layer security issues in the smart grid. Comment: 16 pages

    Contested Deployment

    As indicated in the 2018 National Defense Strategy and evolving Multi-Domain Operations doctrine, the assumption the homeland will provide a secure space for mobilization and deployment is no longer valid. This integrated research project goes beyond affirming this assumption and contributes to efforts to mitigate the concerns a contested deployment entails. Following the introductory chapter, Chapter 2, “Army Deployments in a Contested Homeland: A Framework for Protection,” explores how current coordination and cooperation mechanisms between the DoD and state and local government may need realignment, with civil authorities preparing themselves to support military mobilization. Chapter 3, “Strategic Seaports and National Defense in a Contested Environment,” examines the 22 strategic seaports across the United States, identifying issues with throughput, structural integrity, security, readiness, funding, and authorities. Chapter 4, “Single Point of Failure,” identifies how strict adherence to a business efficiency model for munition production and distribution may jeopardize the successful employment of military forces. Chapter 5, “The Interstate Highway System: Reinvestment Needed before a Contested Deployment,” provides the status of the deteriorating road network and explains how associated vulnerabilities could be exploited by an adversary. The two appendices provide points for consideration on cyberattacks and defense and the impacts a full mobilization of reserve forces would have on the homeland.

    A cyber-security framework for development, defense and innovation at NATO

    The article is of a strategic nature. It projects the importance of cyber-security as policy, while reflecting the need for constantly enhancing NATO’s (North Atlantic Treaty Organization) cyber-dimensional strategy, management, and operations. There is a policy need for constant innovation and entrepreneurship in security, one that also reflects NATO’s practical needs: its security resilience and business continuity. At a time of strategic challenges and policy recommendations, the production of this article is timely. It examines the decision of NATO’s Heads of State and Government at the Brussels Summit meeting on Cyber Security that was held in July 2018. The article proposes a framework of strategic re-alignment, with a stronger eye toward practical innovation and entrepreneurship and practicality in operational management, while enhancing political cooperation and tactical/strategic preparation for field operations. The aim, design, and setting of this article explicitly and methodologically evaluate NATO’s security and cyber-security options for the near future. The article integrates and proposes a new design for a new format of collective defense. It considers cyber-defense as a key tool for current and future operational and network-centric operations. The article enables us to better comprehend the Alliance’s global and regional needs within the framework of current and future defense, calling at the same time for a holistic approach to innovation and entrepreneurship, while new geostrategic and geo-economic challenges emerge.