762 research outputs found

    A Comparison of Stealthy Sensor Attacks on Control Systems

    As more attention is paid to security in the context of control systems and as attacks occur to real control systems throughout the world, it has become clear that some of the most nefarious attacks are those that evade detection. The term stealthy has come to encompass a variety of techniques that attackers can employ to avoid detection. Here we show how the states of the system (in particular, the reachable set corresponding to the attack) can be manipulated under two important types of stealthy attacks. We employ the chi-squared fault detection method and demonstrate how this imposes a constraint on the attack sequence either to generate no alarms (zero-alarm attack) or to generate alarms at a rate indistinguishable from normal operation (hidden attack).

    Will SDN be part of 5G?

    For many, this is no longer a valid question and the case is considered settled with SDN/NFV (Software Defined Networking/Network Function Virtualization) providing the inevitable innovation enablers solving many outstanding management issues regarding 5G. However, given the monumental task of softwarization of radio access network (RAN) while 5G is just around the corner and some companies have started unveiling their 5G equipment already, the concern is very realistic that we may only see some point solutions involving SDN technology instead of a fully SDN-enabled RAN. This survey paper identifies all important obstacles in the way and looks at the state of the art of the relevant solutions. This survey is different from the previous surveys on SDN-based RAN as it focuses on the salient problems and discusses solutions proposed within and outside SDN literature. Our main focus is on fronthaul, backward compatibility, supposedly disruptive nature of SDN deployment, business cases and monetization of SDN related upgrades, latency of general purpose processors (GPP), and additional security vulnerabilities softwarization brings along to the RAN. We have also provided a summary of the architectural developments in SDN-based RAN landscape as not all work can be covered under the focused issues. This paper provides a comprehensive survey on the state of the art of SDN-based RAN and clearly points out the gaps in the technology. Comment: 33 pages, 10 figures

    Detection of False Data Injection Attacks in Multi-Microgrid

    In this thesis an Intrusion Detection System was developed to fight False Data Injection Attacks in Multi-Microgrids. Multi-Microgrids are a part of future power systems and they form the core part of critical infrastructure where resiliency and availability are exceedingly important. Severe consequences in the main power grid can happen if security is not taken into account. The Energy Management System has to be protected against cyber-attacks and one of the dire threats is a False Data Injection Attack. False Data Injections in Energy Management Systems are among the critical threats that need to be taken seriously as they can cause major harm. In this thesis, the impact of a False Data Injection Attack on Multi-Microgrids and Energy Management Systems has been explored. It has also been researched how to detect these attacks by designing and developing a Multi-Microgrid model in MATLAB/Simulink for emulating the operation of Multi-Microgrid. The MATLAB/Simulink model simulates a Multi-Microgrid environment over the course of 24 hours. To detect False Data Injection Attacks from the data created in this simulation a Kalman Filter based Intrusion Detection System was developed. The Kalman Filter based Intrusion Detection System analyzes simulation data for possible False Data Injection Attacks. Further analysis was done based on the results of the Kalman Filter based Intrusion Detection System implementation. The implementation was tested with a set of attack simulations. The results analysis revealed that the developed Kalman Filter based Intrusion Detection System is suitable for detecting simple attacks but it has low accuracy for complex intrusion attacks. Taking into account only the types of attacks the implementation was initially planned to detect, the detection rate averaged 87 %. The detection accuracy could be improved in future work by considering complex attack types early on in the implementation of the detection system.
    Securing power systems against malicious actors from causing harm or gaining financial benefits is a far-reaching research topic with plenty of future paths to explore. Kalman Filter based methods are one of the potential methods for detecting False Data Injection Attacks in Energy Management Systems. More research on Kalman Filter based protections is part of the ongoing race in protecting ourselves from cyber-attacks against critical infrastructure.

    Understanding and Countermeasures against IoT Physical Side Channel Leakage

    With the proliferation of cheap bulk SSD storage and better batteries in the last few years we are experiencing an explosion in the number of Internet of Things (IoT) devices flooding the market, smartphone connected point-of-sale devices (e.g. Square), home monitoring devices (e.g. NEST), fitness monitoring devices (e.g. Fitbit), and smart-watches. With new IoT devices come new security threats that have yet to be adequately evaluated. We propose uLeech, a new embedded trusted platform module for next-generation power scavenging devices. Such power scavenging devices are already widely deployed. For instance, the Square point-of-sale reader uses the microphone/speaker interface of a smartphone for communications and as a power supply. Such devices are being used as trusted devices in security-critical applications, without having been adequately evaluated. uLeech can securely store keys and provide cryptographic services to any connected smartphone. Our design also facilitates physical side-channel security analysis by providing interfaces to facilitate the acquisition of power traces and clock manipulation attacks. Thus uLeech empowers security researchers to analyze leakage in next-generation embedded and IoT devices and to evaluate countermeasures before deployment. Even the most secure systems reveal their secrets through secret-dependent computation. Secret-dependent computation is detectable by monitoring a system’s time, power, or outputs. Common defenses to side-channel emanations include adding noise to the channel or making algorithmic changes to mitigate specific side-channels. Unfortunately, existing solutions are not automatic, not comprehensive, or not practical. We propose an isolation-based approach for eliminating power and timing side-channels that is automatic, comprehensive, and practical. Our approach eliminates side-channels by leveraging integrated decoupling capacitors to electrically isolate trusted computation from the adversary.
    Software has the ability to request a fixed-power/time quantum of isolated computation. By discretizing power and time, our approach controls the granularity of side-channel leakage; the only burden on programmers is to ensure that all secret-dependent execution differences converge within a power/time quantum. We design and implement three approaches to power/time-based quantization and isolation: a wholly-digital version, a hybrid version that uses capacitors for time tracking, and a full-custom version. We evaluate the overheads of our proposed controllers with respect to software implementations of AES and RSA running on an ARM-based microcontroller and hardware implementations of AES and RSA using a 22nm process technology. We also validate the effectiveness and real-world efficiency of our approach by building a prototype consisting of an ARM microcontroller, an FPGA, and discrete circuit components. Lastly, we examine the root cause of Electromagnetic (EM) side-channel attacks on Integrated Circuits (ICs) to augment the Quantized Computing design to mitigate EM leakage. By leveraging the isolation nature of our Quantized Computing design, we can effectively reduce the length and power of the unintended EM antennas created by the wire layers in an IC.

    Reviewing the Effectivity Factor in Existing Techniques of Image Forensics

    Studies towards image forensics are about a decade old and various forms of research techniques have been presented till date towards image forgery detection. The majority of the existing techniques deal with identification of tampered regions using different forms of research methodologies. However, it is still an open-ended question about the effectiveness of existing image forgery detection techniques as there is no reported benchmarked outcome till date about it. Therefore, the present manuscript discusses the most frequently addressed image attacks, e.g. image splicing and copy-move attack, and elaborates the existing techniques presented by the research community to resist them. The paper also contributes to exploring the direction of the present research trend with respect to tool adoption, database adoption, technique adoption, and frequently used attack scenarios. Finally, significant open research gaps are explored after reviewing the effectiveness of existing techniques.

    A testbed to simulate cyber attacks on nuclear power plants

    Nuclear power plants are critical infrastructures that must be safe and secure from undesirable intrusions: these intrusions are both physical and cyber. The increasing usage of digital control and computer systems, for supervisory control and data acquisition in the control rooms of new generation nuclear reactors, has introduced several cyber security issues that must be addressed. One of the most significant problems is that this new technology has increased the vulnerability of the nuclear power plant to cyber security threats. Furthermore, this exposed vulnerability is one of the main reasons that the transition to digital control rooms connected to enterprise network (or the internet) has been slow and hesitant. In order to address these issues and ensure that a digital control system is safe and secure from undesirable intrusions, the system must go through extensive tests and validation. These tests will verify that systems are safe and properly functioning. The vulnerabilities of a nuclear power plant can be determined through conducting cyber security exercises, cyber security attack scenarios, and simulated attacks. All these events can be performed using the control room in the nuclear power plant, but it is a complicated and hampered process because of the complex hardware and software interactions that must be considered. Control rooms are also not ideal places to test various cyber attacks and scenarios because any mishap can lead to detrimental impacts on the nearby surroundings. This research attempts to present our approach to build a comparative testbed that captures the relevant complexity of a nuclear power plant. A testbed is developed and designed to assess the vulnerabilities that are introduced by using public networks for communications. The testbed is also used to simulate different cyber attack scenarios and it will serve to present detection mechanisms that are based on the understanding of the controlled physical system.