Securing CAN-Based Cyber-Physical Systems

With the exponential growth of cyber-physical systems (CPSs), new security challenges have emerged. Various vulnerabilities, threats, attacks, and controls have been introduced for the new generation of CPS. However, there lacks a systematic review of the CPS security literature. In particular, the heterogeneity of CPS components and the diversity of CPS systems have made it difficult to study the problem with one generalized model. As the first component of this dissertation, existing research on CPS security is studied and systematized under a unified framework. Smart cars, as a CPS application, were further explored under the proposed framework and new attacks are identified and addressed. The Control Area Network (CAN bus) is a prevalent serial communication protocol adopted in industrial CPS, especially in small and large vehicles, ships, planes, and even in drones, radar systems, and submarines. Unfortunately, the CAN bus was designed without any security considerations. We then propose and demonstrate a stealthy targeted Denial of Service (DoS) attack against CAN. Experimentation shows that the attack is effective and superior to attacks of the same category due to its stealthiness and ability to avoid detection from current countermeasures. Two controls are proposed to defend against various spoofing and DoS attacks on CAN. The first one aims to minimize the attack using a mechanism called ID-Hopping so that CAN arbitration IDs are randomized so an attacker would not be able to target them. ID-Hopping raises the bar for attackers by randomizing the expected patterns in a CAN network. Such randomization hinders an attacker’s ability to launch targeted DoS attacks. Based on the evaluation on the testbed, the randomization mechanism, ID-Hopping, holds a promising solution for targeted DoS, and reverse engineering CAN IDs, and which CAN networks are most vulnerable. The second countermeasure is a novel CAN firewall that aims to prevent an attacker from launching a plethora of nontraditional attacks on CAN that existing solutions do not adequately address. The firewall is placed between a potential attacker’s node and the rest of the CAN bus. Traffic is controlled bi-directionally between the main bus and the attacker’s side so that only benign traffic can pass to the main bus. This ensures that an attacker cannot arbitrarily inject malicious traffic into the main bus. Demonstration and evaluation of the attack and firewall were conducted by a bit-level analysis, i.e., “Bit banging”, of CAN’s traffic. Results show that the firewall successfully prevents the stealthy targeted DoS attack, as well as, other recent attacks. To evaluate the proposed attack and firewall, a testbed was built that consisted of BeagleBone Black and STM32 Nucleo- 144 microcontrollers to simulate real CAN traffic. Finally, a design of an Intrusion Detection System (IDS) was proposed to complement the firewall. It utilized the proposed firewall to add situational awareness capabilities to the bus’s security posture and detect and react to attacks that might bypass the firewall based on certain rules

Comparing Apples and Oranges in Trademark Law: Challenging International and Constitutional Validity of Plain Packaging of Tobacco Products, 13 J. Marshall Rev. Intell. Prop. L. 130 (2013)

Plain packaging, a new tobacco control tool being considered by a growing number of countries, mandates the removal of all attractive and promotional aspects of tobacco product packages. As a result of plain packaging, the only authorized feature remaining on a tobacco package is the brand name, displayed in a standardized font, size, color, and location on the package. At issue is the meaning of “use” of trademarks on plain packaging, and whether plain packaging amounts to the creation of an invalid encumbrance. The tobacco industry and other regulated sectors (including wine, fast-food, and pharmaceuticals) also believe that plain packaging jeopardizes trademark rights and contravenes certain Constitutional provisions. In particular, they argue that governments do, and are, in fact, capable of “acquiring,” property, or that governments could be construed as “taking” property on unjust terms, contrary to Constitutional guarantees. The tobacco industry’s efforts to fight plain packaging in the courts have, however, proven futile thus far—particularly in Australia. This article, after introducing the reader to the dawn and rationale of plain packaging from a quasi-legal and marketing perspective, examines the compatibility of normative arguments for plain packaging within the international framework for trademark protection (as preserved in the TRIPS Agreement). It then looks at the way in which these arguments and that framework have shaped the constitutional validity of plain packaging of tobacco products in the United States and Australia. In drawing on these jurisdictions that, alongside the European Union, incorporate rather aggressive tobacco control legislation, this paper highlights the nuanced geographic and legal contexts that complicate global regulatory control, which play an important role in advancing global public health in the face of trade-related objections. Finally, this paper proposes methods for dealing with current legal challenges to global tobacco control regulations and suggests that there are strong arguments to deny private entities that seek to establish a successful case by purporting to invalidate plain packaging legislation

Working Performatively with Interactive 3D Printing: An artistic practice utilising interactive programming for computational manufacturing and livecoding

This thesis explores the liminal space where personal computational art and design practices and mass-manufacturing technologies intersect. It focuses on what it could look and feel like to be a computationally-augmented, creative practitioner working with 3D printing in a more programmatic, interactive way. The major research contribution is the introduction of a future-looking practice of Interactive 3D Printing (I3DP).I3DP is articulated using the Cognitive Dimensions of Notations in terms of associated user activities and design trade-offs. Another contribution is the design, development, and analysis of a working I3DP system called LivePrinter. LivePrinter is evaluated through a series of qualitiative user studies and a personal computational art practice, including livecoding performances and 3D form-making

Model checking security protocols : a multiagent system approach

Security protocols specify the communication required to achieve security objectives, e.g., data-privacy. Such protocols are used in electronic media: e-commerce, e-banking, e-voting, etc. Formal verification is used to discover protocol-design flaws. In this thesis, we use a multiagent systems approach built on temporal-epistemic logic to model and analyse a bounded number of concurrent sessions of authentication and key-establishment protocols executing in a Dolev-Yao environment. We increase the expressiveness of classical, trace-based frameworks by mapping each protocol requirement into a hierarchy of temporal-epistemic formulae. To automate our methodology, we design and implement a tool called PD2IS. From a high-level protocol description, PD2IS produces our protocol model and the temporal-epistemic specifications of the protocol’s goals. This output is verified with the model checker MCMAS. We benchmark our methodology on various protocols drawn from standard repositories. We extend our approach to formalise protocols described by equations of cryptographic primitives. The core of this extension is an indistinguishability relation to accommodate the underlying protocol equations. Based on this relation, we introduce a knowledge modality and an algorithm to model check multiagent systems against it. These techniques are applied to verify e-voting protocols. Furthermore, we develop our methodology towards intrusion-detection techniques. We introduce the concept of detectability, i.e., the ability of protocol participants to detect jointly that the protocol is being attacked. We extend our formalisms and PD2IS to support detectability analysis. We model check several attack-prone protocols against their detectability specifications

Model Checking Security Protocols: A Multiagent System Approach

Security protocols specify the communication required to achieve security objectives, e.g., data-privacy. Such protocols are used in electronic media: e-commerce, e-banking, e-voting, etc. Formal verification is used to discover protocol-design flaws. In this thesis, we use a multiagent systems approach built on temporal-epistemic logic to model and analyse a bounded number of concurrent sessions of authentication and key-establishment protocols executing in a Dolev-Yao environment. We increase the expressiveness of classical, trace-based frameworks by mapping each protocol requirement into a hierarchy of temporal-epistemic formulae. To automate our methodology, we design and implement a tool called PD2IS. From a high-level protocol description, PD2IS produces our protocol model and the temporal-epistemic specifications of the protocol’s goals. This output is verified with the model checker MCMAS. We benchmark our methodology on various protocols drawn from standard repositories. We extend our approach to formalise protocols described by equations of cryptographic primitives. The core of this extension is an indistinguishability relation to accommodate the underlying protocol equations. Based on this relation, we introduce a knowledge modality and an algorithm to model check multiagent systems against it. These techniques are applied to verify e-voting protocols. Furthermore, we develop our methodology towards intrusion-detection techniques. We introduce the concept of detectability, i.e., the ability of protocol participants to detect jointly that the protocol is being attacked. We extend our formalisms and PD2IS to support detectability analysis. We model check several attack-prone protocols against their detectability specifications

“Be a Pattern for the World”: The Development of a Dark Patterns Detection Tool to Prevent Online User Loss

Dark Patterns are designed to trick users into sharing more information or spending more money than they had intended to do, by configuring online interactions to confuse or add pressure to the users. They are highly varied in their form, and are therefore difficult to classify and detect. Therefore, this research is designed to develop a framework for the automated detection of potential instances of web-based dark patterns, and from there to develop a software tool that will provide a highly useful defensive tool that helps detect and highlight these patterns

Minding the Gap: Computing Ethics and the Political Economy of Big Tech

In 1988 Michael Mahoney wrote that “[w]hat is truly revolutionary about the computer will become clear only when computing acquires a proper history, one that ties it to other technologies and thus uncovers the precedents that make its innovations significant” (Mahoney, 1988). Today, over thirty years after this quote was written, we are living right in the middle of the information age and computing technology is constantly transforming modern living in revolutionary ways and in such a high degree that is giving rise to many ethical considerations, dilemmas, and social disruption. To explore the myriad of issues associated with the ethical challenges of computers using the lens of political economy it is important to explore the history and development of computer technology