A Study of RPL DODAG Version Attacks

Best Paper AwardInternational audienceThe IETF designed the Routing Protocol for Low power and Lossy Networks (RPL) as a candidate for use in constrained networks. Keeping in mind the different requirements of such networks, the protocol was designed to support multiple routing topologies, called DODAGs, constructed using different objective functions, so as to optimize routing based on divergent metrics. A DODAG versioning system is incorporated into RPL in order to ensure that the topology does not become stale and that loops are not formed over time. However, an attacker can exploit this versioning system to gain an advantage in the topology and also acquire children that would be forced to route packets via this node. In this paper we present a study of possible attacks that exploit the DODAG version system. The impact on overhead, delivery ratio, end-to-end delay, rank inconsistencies and loops is studied

Secure Authenticated Key Exchange for Enhancing the Security of Routing Protocol for Low-Power and Lossy Networks

The current Routing Protocol for Low Power and Lossy Networks (RPL) standard provides three security modes Unsecured Mode (UM), Preinstalled Secure Mode (PSM), and Authenticated Secure Mode (ASM). The PSM and ASM are designed to prevent external routing attacks and specific replay attacks through an optional replay protection mechanism. RPL\u27s PSM mode does not support key replacement when a malicious party obtains the key via differential cryptanalysis since it considers the key to be provided to nodes during the configuration of the network. This thesis presents an approach to implementing a secure authenticated key exchange mechanism for RPL, which ensures the integrity and authentication of the received key while providing tamper-proof data communication for IoTs in insecure circumstances. Moreover, the proposed approach allows the key to be updated regularly, preventing an attacker from obtaining the key through differential cryptanalysis. However, it is observed that the proposed solution imposes an increase in the cost of communication, computation, power consumption, and memory usage for the network nodes

Securing industrial control system environments: the missing piece

Cyberattacks on industrial control systems (ICSs) are no longer matters of anticipation. These systems are continually subject to malicious attacks without much resistance. Network breaches, data theft, denial of service, and command and control functions are examples of common attacks on ICSs. Despite available security solutions, safety, security, resilience, and performance require both private public sectors to step-up strategies to address increasing security concerns on ICSs. This paper reviews the ICS security risk landscape, including current security solution strategies in order to determine the gaps and limitations for effective mitigation. Notable issues point to a greater emphasis on technology security while discounting people and processes attributes. This is clearly incongruent with; emerging security risk trends, the biased security strategy of focusing more on supervisory control and data acquisition systems, and the emergence of more sector-specific solutions as against generic security solutions. Better solutions need to include approaches that follow similar patterns as the problem trend. These include security measures that are evolutionary by design in response to security risk dynamics. Solutions that recognize and include; people, process and technology security enhancement into asingle system, and addressing all three-entity vulnerabilities can provide a better solution for ICS environments

Improving cyber security in industrial control system environment.

Integrating industrial control system (ICS) with information technology (IT) and internet technologies has made industrial control system environments (ICSEs) more vulnerable to cyber-attacks. Increased connectivity has brought about increased security threats, vulnerabilities, and risks in both technology and people (human) constituents of the ICSE. Regardless of existing security solutions which are chiefly tailored towards technical dimensions, cyber-attacks on ICSEs continue to increase with a proportionate level of consequences and impacts. These consequences include system failures or breakdowns, likewise affecting the operations of dependent systems. Impacts often include; marring physical safety, triggering loss of lives, causing huge economic damages, and thwarting the vital missions of productions and businesses. This thesis addresses uncharted solution paths to the above challenges by investigating both technical and human-factor security evaluations to improve cyber security in the ICSE. An ICS testbed, scenario-based, and expert opinion approaches are used to demonstrate and validate cyber-attack feasibility scenarios. To improve security of ICSs, the research provides: (i) an adaptive operational security metrics generation (OSMG) framework for generating suitable security metrics for security evaluations in ICSEs, and a list of good security metrics methodology characteristics (scope-definitive, objective-oriented, reliable, simple, adaptable, and repeatable), (ii) a technical multi-attribute vulnerability (and impact) assessment (MAVCA) methodology that considers and combines dynamic metrics (temporal and environmental) attributes of vulnerabilities with the functional dependency relationship attributes of the vulnerability host components, to achieve a better representation of exploitation impacts on ICSE networks, (iii) a quantitative human-factor security (capability and vulnerability) evaluation model based on human-agent security knowledge and skills, used to identify the most vulnerable human elements, identify the least security aspects of the general workforce, and prioritise security enhancement efforts, and (iv) security risk reduction through critical impact point assessment (S2R-CIPA) process model that demonstrates the combination of technical and human-factor security evaluations to mitigate risks and achieve ICSE-wide security enhancements. The approaches or models of cyber-attack feasibility testing, adaptive security metrication, multi-attribute impact analysis, and workforce security capability evaluations can support security auditors, analysts, managers, and system owners of ICSs to create security strategies and improve cyber incidence response, and thus effectively reduce security risk.PhD in Manufacturin