18 research outputs found

    A haystack full of needles: scalable detection of IoT devices in the wild

    Consumer Internet of Things (IoT) devices are extremely popular, providing users with rich and diverse functionalities, from voice assistants to home appliances. These functionalities often come with significant privacy and security risks, with notable recent large-scale coordinated global attacks disrupting large service providers. Thus, an important first step to address these risks is to know what IoT devices are where in a network. While some limited solutions exist, a key question is whether device discovery can be done by Internet service providers that only see sampled flow statistics. In particular, it is challenging for an ISP to efficiently and effectively track and trace activity from IoT devices deployed by its millions of subscribers, all with sampled network data. In this paper, we develop and evaluate a scalable methodology to accurately detect and monitor IoT devices at subscriber lines with limited, highly sampled data in-the-wild. Our findings indicate that millions of IoT devices are detectable and identifiable within hours, both at a major ISP as well as an IXP, using passive, sparsely sampled network flow headers. Our methodology is able to detect devices from more than 77% of the studied IoT manufacturers, including popular devices such as smart speakers. While our methodology is effective for providing network analytics, it also highlights significant privacy consequences

    Revealing Utilization at Internet Interconnection Points

    Recent Internet interconnection disputes have sparked an increased interest in developing methods for gathering and collecting data about utilization at interconnection points. One mechanism, developed by DeepField Networks, allows Internet service providers (ISPs) to gather and aggregate utilization information using network flow statistics, standardized in the Internet Engineering Task Force as IPFIX. This report (1) provides an overview of the method that DeepField Networks is using to measure the utilization of various interconnection links between content providers and ISPs or links over which traffic between content and ISPs flow; and (2) surveys the findings from five months of Internet utilization data provided by seven participating ISPs---Bright House Networks, Comcast, Cox, Mediacom, Midco, Suddenlink, and Time Warner Cable---whose access networks represent about 50% of all U.S. broadband subscribers. The dataset includes about 97% of the paid peering, settlement-free peering, and ISP-paid transit links of each of the participating ISPs. Initial analysis of the data---which comprises more than 1,000 link groups, representing the diverse and substitutable available routes---suggests that many interconnects have significant spare capacity, that this spare capacity exists both across ISPs in each region and in aggregate for any individual ISP, and that the aggregate utilization across interconnects is roughly 50% during peak periods

    Increasing the visibility of IEC communication in the smart grid

    Energy systems like smart grids are part of critical infrastructure and their interruption or blackout may have fatal consequences on energy production, distribution, and eventually the life of individual people. In order to secure communication in Industrial Control Systems (ICS) and detect cyber attacks on smart grids, we need to increase visibility of ICS communication so that an operator can see what commands are sent between ICS devices. Security monitoring of ICS transmission requires (i) retrieving monitoring data from ICS packets, (ii) processing and analyzing extracted data, (iii) visualizing the passing communication to the operator. The proposed work presents a concept of an ICS flow monitoring system that extracts metadata from ICS packet headers and creates ICS flow records similarly to a Netflow/IPFIX system. ICS flows represent communication in the smart grid network that is further visualized using dashboard and communication charts. Unlike the traditional monitoring approach that works with network and transport layer data only, we extend flow monitoring to the application layer with a focus on ICS protocols. The proposed approach is demonstrated on monitoring IEC 60870-5-104 communication.

    Energy systems, such as Smart Grid smart energy networks, form critical infrastructure, and their interruption or outage may have fatal consequences for energy production and transmission, and possibly for human lives. To secure the communication of industrial control systems (ICS) and to detect cyber attacks on these systems, we need to increase the visibility of ICS communication so that an operator can monitor the messages being passed. Security monitoring of ICS transmissions involves extracting information from ICS packets, processing and analyzing the extracted data, and visualizing the ongoing communication to the operator. This article presents a concept of ICS flow monitoring by extending the Netflow/IPFIX system. ICS flows then represent communication in the ICS system, which can be displayed on the operator's dashboard. Unlike traditional monitoring, which observes only the network and transport layers, we have extended data collection to ICS protocols as well. The proposed approach is demonstrated on IEC 60870-5-104 communication

    Silent cerebral infarcts after cardiac catheterization: a randomized comparison of radial and femoral approaches

    Single center studies using serial cerebral diffusion-weighted magnetic resonance imaging in patients having cardiac catheterization have suggested that cerebral microembolism might be responsible for silent cerebral infarct (SCI) as high as 15% to 22%. We evaluated in a multicenter trial the incidence of SCIs after cardiac catheterization and whether or not the choice of the arterial access site might impact this phenomenon